Elawyers Elawyers
Washington| Change

SSL SERVICES, LLC v. CITRIX SYSTEMS, INC., 769 F.3d 1073 (2014)

Court: Court of Appeals for the Federal Circuit Number: infco20141014166 Visitors: 24
Filed: Oct. 14, 2014
Latest Update: Oct. 14, 2014
Summary: O'MALLEY, Circuit Judge. This patent case involves multi-tier virtual private networks. SSL Services, LLC ("SSL") asserted that Citrix Systems, Inc. and Citrix Online, LLC (collectively, "Citrix") infringed claims contained in U.S. Patent Nos. 6,061,796 ("the '796 Patent") and 6,158,011 ("the '011 Patent"). The district court held a Markman hearing and construed several terms raised on appeal. After a jury trial, the jury found that Citrix willfully infringed claims 2, 4, and 7 of the '011 Pate
More

O'MALLEY, Circuit Judge.

This patent case involves multi-tier virtual private networks. SSL Services, LLC ("SSL") asserted that Citrix Systems, Inc. and Citrix Online, LLC (collectively, "Citrix") infringed claims contained in U.S. Patent Nos. 6,061,796 ("the '796 Patent") and 6,158,011 ("the '011 Patent"). The district court held a Markman hearing and construed several terms raised on appeal. After a jury trial, the jury found that Citrix willfully infringed claims 2, 4, and 7 of the '011 Patent, and that those claims were not shown to be invalid. The jury also found that Citrix did not infringe claim 27 of the '796 Patent. The district court subsequently denied motions for judgment as a matter of law ("JMOL") and a new trial regarding non-infringement of claim 27 of the '796 Patent, willful infringement of the asserted claims of the '011 Patent, and invalidity with respect to those same claims. The district court also denied SSL prevailing party status, awarded prejudgment interest, and precluded the jury from hearing certain testimony.

SSL appeals the district court's denial of a new trial on non-infringement of claim 27 of the '796 Patent, arguing that the district court erred in its claim construction of the terms "intercepting" and "destination address," and in imposing a set step order requirement for the claim. SSL also appeals the district court's finding that it was not the prevailing party in the litigation overall. Citrix cross-appeals the district court's denial of JMOL of no willful infringement and invalidity of claims 2, 4, and 7 of the '011 Patent. Citrix further contests the district court's award of prejudgment interest and asserts that certain of its evidentiary rulings justify a new trial on willful infringement and damages.

Based on the "destination address" limitation, we affirm the denial of a new trial on non-infringement of claim 27 of the '796 Patent. Furthermore, we affirm the district court's denial of JMOL requesting a finding of no willful infringement and invalidity of the asserted claims of the '011 Patent. We also affirm the denial of a new trial based on the district court's evidentiary rulings, and affirm the award of prejudgment interest. Finally, we vacate the district court's denial of prevailing party status to SSL because we find that SSL is the prevailing party, and remand for an assessment of costs and fees.

I. BACKGROUND

A. The SSL Patents

SSL acquired the '796 Patent and '011 Patent from V-One, Inc. ("V-One") in June 2005. Both patents are titled "Multi-Access Virtual Private Network." '796 Patent, at [54] (filed August 26, 1997); '011 Patent, at [54] (filed February 26, 1999). The '011 Patent is a continuation of the '796 Patent. The patents contain virtually identical specifications. The key difference is that the claims of the '011 Patent are directed to allowing users to establish encrypted connections with a server, whereas the claims of the '796 Patent are directed to allowing users to establish encrypted communications with another client computer.

According to the '796 Patent, a Virtual Private Network ("VPN") is "a system for securing communications between computers over an open network such as the Internet." '796 Patent col. 1 ll. 14-16. The asserted patents have the same abstract, which states:

A virtual private network for communicating between a server and clients over an open network uses an applications level encryption and mutual authentication program and at least one shim positioned above either the socket, transport driver interface, or network interface layers of a client computer to intercept function calls, requests for service, or data packets in order to communicate with the server and authenticate the parties to a communication and enable the parties to the communication to establish a common session key. Where the parties to the communication are peer-to-peer applications, the intercepted function calls, requests for service, or data packets include the destination address of the peer application, which is supplied to the server so that the server can authenticate the peer and enable the peer to decrypt further direct peer-to-peer communications.

'011 Patent, at [57]; '796 Patent, at [57].

The claimed methods and system require an authentication and encryption program that encrypts computer files using a "session key"1 before transmitting data over the Internet. Once the other client computer has received the encrypted files, it can decrypt those files using the same session key. This approach allows the transfer of encrypted data directly from one client computer to another client computer over the open network.

For the '796 Patent, only claim 27 is at issue. It states:

A method of carrying out communications over a multi-tier virtual private network, said network including a server and a plurality of client computers, the server and client computers each including means for transmitting data to and receiving data from an open network, comprising the steps of: intercepting function calls and requests for service sent by an applications program in one of said client computers to a lower level set of communications drivers; causing an applications level authentication and encryption program said one of said client computers to communicate with the server, generate a session key, and use the session key generated by the applications level authentication and encryption program to encrypt files sent by the applications program before transmittal over said open network; intercepting a destination address during initialization of communications between said one of said client computers and a second of said client computers on said virtual private network; causing said applications level authentication and encryption program to communicate with the server in order to enable the applications level authentication and encryption program to generate said session key; transmitting said destination address to said server; causing said server to communicate with the second of said two client computers; enabling said second of said two client computers to recreate the session key; causing said authentication software to encrypt files to be sent to the destination address using the session key; and transmitting the encrypted files directly to the destination address.

'796 Patent col. 20 l. 49-col. 22 l. 5.

In the claimed method, a first client computer runs an application that attempts to open a communication link with a second client computer by making "function calls and requests for service"2 to a "lower level set of communication drivers." The patents describe three basic layers: (1) the applications level, (2) the transport driver interface ("TDI") layer, and (3) the network driver interface ("NDI") layer. The patents reference the TDI and NDI layers together as the lower level set of communication drivers.

Before the communication drivers can execute the function call, a software module on the first client computer intercepts the function call. The specification explains that this separate software module is called a "shim." After the shim intercepts the function call, an "authentication and encryption program" initiates communication with the authentication server and generates a session key that is used to encrypt data. For the two client computers to communicate, the "shim" must also intercept the "destination address" of the second client computer and transmit it to the server. The server then communicates with the second client computer, and provides information that allows the second client computer to recreate the previously generated session key.

The first client computer uses the session key to encrypt files. The encrypted files are then transmitted directly to the second client computer over the open network without having to route the communications through the authentication server. The second client computer can decrypt the encrypted files using the recreated session key.

For the '011 Patent, claims 2, 4, and 7 are at issue on appeal. Claim 2 of the '011 Patent is directed to a multi-tier VPN. Claim 4 of the '011 Patent is directed to computer software for installation on a client computer of a multi-tier VPN. Claim 7 of the '011 Patent is directed to a method of carrying out communications over a multi-tier VPN. All three claims include a limitation of "encrypting files," which is the only limitation at issue on appeal for the '011 Patent.

Before SSL acquired the asserted patents from V-One, Citrix and V-One had entered into a joint development and licensing agreement that lasted from 2000 to 2003 ("V-One Agreements"). During this time, Citrix also considered V-One as a potential target for acquisition, and V-One provided Citrix with access to its technology. The purpose of the V-One Agreements was to rebrand and distribute V-One's SmartGate software. While the V-One Agreements incorporated the asserted patents, the SmartGate software did not use the '011 Patent's claimed technology.

B. The Citrix Accused Products

1. The GoTo Products

SSL asserted that Citrix's GoTo Products infringe claim 27 of the '796 Patent. In 2004, Citrix acquiredExpertCity.com. Citrix rebrandedExpertCity.com's products as GoToAssist, GoToMyPC, and GoToMeeting3 (collectively, "GoTo Products"). The GoTo Products allow direct encrypted communication between two computers while bypassing a broker server that cannot access the encrypted data. All of the GoTo Products use a broker server to initialize the communication and that server carries out communications between the computers.

GoToMyPC is a desktop virtualization product that creates a VPN to allow a user to securely access a computer from another remote computer. A user can access the host computer from a remote computer by transmitting to the broker a request to connect to a client computer based on an internal identification number, e.g., MachineNameKey or QuickConnectID. The broker then identifies the location of the host computer on the GoToMyPC network based on the MachineNameKey or Quick-ConnectID. Once the broker identifies the requested host computer, the broker communicates with the host and remote computer to allow the two computers to establish a secure session to exchange encrypted data.

GoToAssist is a remote assistance product that allows an individual, such as a customer support agent, to access a customer's computer securely through a VPN. Although the customer initially requests assistance, the broker forwards that request along with an associated SessionID to available customer support agents so that they may assist the customer. Once a customer support agent accepts the help session request, the broker uses the SessionID to generate a session key and identify the customer's computer to allow communication through a VPN.

GoToMeeting is a virtual meeting product that allows computers to participate in online meetings. When a meeting is scheduled, the meeting organizer's computer communicates with a broker and obtains a MeetingID. The MeetingID is a short number or link that allows other participants to join the meeting. The broker uses this MeetingID to identify participating computers and then sends information securely to the participants' computers through a server.

2. The Access Gateway and Netscaler Products

Access Gateway and Netscaler are software products that enable a computer to communicate securely with a remote server. These products were developed independently by third parties and acquired by Citrix in late 2004 and 2005. On appeal, Citrix does not dispute that Access Gateway and Netscaler include all the limitations of the asserted claims of the '011 Patent, except for the "encrypt files" limitation.

C. Procedural Background

In April 2008, SSL filed suit in the United States District Court for the Eastern District of Texas alleging that Citrix's GoTo Products infringe claim 27 of the '796 Patent. In May 2009, SSL amended its complaint to assert infringement of claims 2, 4, and 7 of the '011 Patent by Citrix's Access Gateway and Netscaler Products.

On May 18, 2011, the district court held a Markman hearing. SSL Servs., LLC v. Citrix Sys., Inc., 816 F.Supp.2d 364, 366 (E.D.Tex.2011). Relevant to this appeal, the district court construed the term "destination address" as used in claim 27 of the '796 Patent as "the network address of a computer or server." Id. at 385.4 The court also construed the term "encrypt files" as used in claims 2, 4, and 7 of the '011 Patent as "to render a set of data used by a program unintelligible without decrypting." Id. at 384.

After a jury trial, the jury found that: (1) Citrix's Go To Products did not infringe claim 27 of the '796 Patent; (2) Citrix's Access Gateway and Netscaler products directly and indirectly infringed claims 2, 4, and 7 of the '011 Patent; (3) Citrix willfully infringed the asserted claims of the '011 Patent; and (4) Citrix had not proved that the asserted claims of the '011 Patent were invalid. Consequently, the jury awarded $10 million in damages.

SSL then filed a motion for: (1) prejudgment interest, (2) post-judgment interest, (3) enhanced damages, and (4) entry of final judgment. Citrix filed a motion for entry of final judgment and an award of prevailing party status. The district court granted-in-part and denied-in-part SSL's motion by: (1) awarding prejudgment interest, (2) awarding post-judgment interest as agreed by the parties, (3) awarding an additional $5 million in enhanced damages for a total of $15 million in damages, and (4) denying prevailing party status to SSL and refusing to impose costs on that ground. Addressing Citrix's motion, the district court entered a Final Judgment on September 17, 2012, but denied Citrix's request for prevailing party status and costs.

The parties subsequently filed post-trial motions. The district court denied Citrix's motions for judgment as a matter of law ("JMOL") and for a new trial on noninfringement, invalidity, willful infringement, and damages relating to the claims of the '011 Patent. SSL Servs., LLC v. Citrix Sys., Inc., 940 F.Supp.2d 480, 485 (E.D.Tex.2013). The court also denied SSL's motion for JMOL on its infringement claim relating to claim 27 of the '796 Patent and/or for a new trial on that claim. Id.

SSL and Citrix filed notices of appeal on May 17, 2013. This court has jurisdiction over both the appeal and cross-appeal pursuant to 28 U.S.C. § 1295(a)(1) (2012).

II. DISCUSSION

A. Standard of Review

The Federal Circuit reviews decisions on motions for JMOL, motions for a new trial, and evidentiary rulings under the law of the regional circuit. Verizon Servs. Corp. v. Cox Fibernet Va., Inc., 602 F.3d 1325, 1331 (Fed.Cir.2010). Here, the applicable regional circuit is the Fifth Circuit. Under Fifth Circuit law, we review the denial of a motion for JMOL de novo while applying the same standards as the district court. Cambridge Toxicology Grp., Inc. v. Exnicios, 495 F.3d 169, 179 (5th Cir.2007). "[JMOL] is appropriate only when a `reasonable jury would not have a legally sufficient evidentiary basis to find for the party on that issue.'" Id. (quoting Fed.R.Civ.P. 50(a)(1)).

The Fifth Circuit reviews the denial of a new trial for an abuse of discretion. Industrias Magromer Cueros y Pieles S.A. v. La. Bayou Furs Inc., 293 F.3d 912, 924 (5th Cir.2002). "`There is no such abuse of discretion unless there is a complete absence of evidence to support the verdict.'" Id. (quoting Sam's Style Shop v. Cosmos Broad. Corp., 694 F.2d 998, 1006 (5th Cir.1982)). The Fifth Circuit also reviews evidentiary rulings for an abuse of discretion. Huss v. Gayden, 571 F.3d 442, 452 (5th Cir.2009); Paz v. Brush Engineered Materials, Inc., 555 F.3d 383, 387-88 (5th Cir.2009).

Claim construction is a question of law reviewed de novo. Lighting Ballast Control LLC v. Philips Elecs. N. Am. Corp., 744 F.3d 1272, 1276-77 (Fed.Cir. 2014) (en banc). Infringement is a question of fact reviewed for substantial evidence. ACCO Brands, Inc. v. ABA Locks Mfrs. Co., 501 F.3d 1307, 1311 (Fed.Cir. 2007). Obviousness is a question of law based on specific factual findings. Graham v. John Deere Co., 383 U.S. 1, 17-18, 86 S.Ct. 684, 15 L.Ed.2d 545 (1966). We presume that the jury resolved the underlying factual disputes in favor of the verdict and review those factual findings for substantial evidence. Kinetic Concepts, Inc. v. Smith & Nephew, Inc., 688 F.3d 1342, 1356-57 (Fed.Cir.2012).

B. SSL's Appeal

On appeal, SSL asserts that the district court erred in failing: (1) to grant SSL's motion for a new trial on infringement of claim 27 of the '796 Patent, and (2) to find that SSL was the prevailing party.

1. The '796 Patent

a) Destination Address

The district court construed "destination address" as "the network address of a computer or server." SSL Servs., 816 F.Supp.2d at 385. In support, it pointed to the claim language, finding that the phrase "destination address" refers to the address on the network of the claimed second client computer. Id. at 386. Turning to the written description, the district court emphasized the distinction between the terms "destination" and "destination address." Id. The district court explained that to construe "destination address" the same as "destination" would write the term "address" out of the former term. Id. It further clarified that the network address is not limited to Internet Protocol ("IP") based protocols, concluding that the claimed invention may use non-IP based protocols. Id.

(1) Claim Construction

Although SSL agrees that "[t]he plain meaning of `destination address' is the address of the destination — here, the second client computer or server," it asserts that the district court erred in interpreting the term to require a network address, and then further equating "network address" with IP address. Appellant Br. 45-47. SSL argues that the district court should adopt its construction: an "[i]dentifier for a desired location." Appellant Br. 48; see also SSL Servs., 816 F.Supp.2d at 385. Citrix responds that the district court correctly construed the claim language in the context of a claim covering transmissions between computers on an open network as a network address of a computer.

We agree with Citrix that the district court correctly construed the term "destination address." To determine the scope and meaning of the asserted claims, we look to the words of the claims, the specification, the prosecution history, and any relevant extrinsic evidence. Phillips v. AWH Corp., 415 F.3d 1303, 1315-17 (Fed.Cir.2005) (en banc). We find the claim language regarding the destination address informative. Claim 27 requires "means for transmitting data to and receiving data from an open network." '796 Patent col. 20 ll. 49-53. The claim further states "intercepting a destination address during initialization of communications between said one of said client computers and a second of said client computers on said virtual private network," and "transmitting the encrypted files directly to the destination address." Id. at col. 20 l. 66-col. 21 l. 2, col. 22 ll. 4-5. Consequently, the destination address is the address for a second client computer on the network, which is the network address of that specific computer. Furthermore, the language of transmitting the files directly to the destination address that is intercepted during the initialization of communications suggests that the destination address allows transmission to the target client computer without having to distinguish or differentiate through various internal identifiers or other methods to determine where those files need to be delivered. This requires the destination address to be the network address.

The written description further supports the district court's construction. It states that the most commonly used set of software routines for the transport or TDI layer is the transport control protocol ("TCP")/IP protocol, where the TCP packages the data into datagrams and provides addressing functions, and the IP "further packages those datagrams into packets by adding additional headers used in routing the packets to a destination address." '796 Patent col. 3 ll. 16-24. The written description also describes other transport protocols that can be used, including the user diagram protocol ("UDP"), the internet control message protocol, and non-IP based protocols such as Netbeui or IPX. Id. col. 3 ll. 24-28. It further states that "the shim 55 intercepts IP packets from applications ... [and] checks the destination address (which can be in TCP format, UDP format, and so forth)." Id. col. 10 ll. 45-48. This language suggests that the "destination address" is a part of the address portion of data packets in a network address format. Therefore, we conclude that the district court correctly construed the term "destination address" to mean "network address."

While SSL alleges that the district court's construction limited the format to an IP format, we disagree. As discussed above, the district court clarified that "the claimed invention is not limited to IP-based protocols and may use non-IP based protocols." SSL Servs., 816 F.Supp.2d at 386. Although the district court focused on how the accused products use IP-based protocols during its infringement analysis, the district court properly did not limit the construction of the term "destination address" to an IP address.

(2) Request for a New Trial

SSL argues that even if we agree that the district court correctly construed the term "destination address," our analysis of the infringement verdict must continue. SSL asserts that it is entitled to a new trial if we agree that any one of the disputed claim constructions was erroneous, arguing that we must assess the constructions relating to all the disputed limitations before we can rest assured that the jury's non-infringement finding was not infected by some error. Because the jury returned a general verdict of non-infringement after hearing multiple theories of non-infringement, SSL argues that "it would be impossible for this Court to discern whether the jury rested its verdict of non-infringement on the erroneous claim construction." Appellant Br. 52.

We agree that the general verdict rule applies with the same force in patent cases as it does in all other cases. We also agree that Citrix misreads our decision in Verizon Servs. Corp. v. Cox Fibernet Va., Inc., 602 F.3d 1325 (Fed.Cir.2010), which does not even address the general verdict rule or reach any conclusions regarding how that rule might have been implicated — or avoided — on the facts presented.5 We find, however, that there is no evidence in the record from which a good faith argument can be made that the Citrix GoTo Products' identifiers are "network addresses" as that term was construed by the district court. Because we now affirm that construction, we conclude that, even if the district court erred in its construction of the other challenged limitations, the result the jury reached — the finding of non-infringement — would not change. In these circumstances, we soundly can base our conclusion that the non-infringement verdict stands on the fact that the single network address limitation is not practiced by the accused products. See Teleflex, Inc. v. Ficosa N. Am. Corp., 299 F.3d 1313, 1328 (Fed.Cir.2002) ("We may affirm the jury's findings on infringement or validity issues if substantial evidence appears in the record supporting the jury's verdict and if correction of the errors in a jury instruction on claim construction would not have changed the result, given the evidence presented.").

SSL seems to concede that it must show prejudice in the trial court's instructions to the jury regarding the meaning of a relevant claim term before an erroneous instruction regarding any such term can justify disturbing a jury verdict. See, e.g., Ecolab Inc. v. Paraclipse, Inc., 285 F.3d 1362, 1373 (Fed.Cir.2002) ("A party seeking to alter a judgment based on erroneous jury instructions must establish that `those instructions were legally erroneous,' and that `the errors had prejudicial effect.'") (quoting Advanced Display Sys., Inc. v. Kent State Univ., 212 F.3d 1272, 1281 (Fed.Cir.2000)). It implies, however, that prejudice must be presumed whenever a general verdict makes it impossible to discern on which specific limitation the jury rested its verdict of non-infringement. The cases upon which SSL relies do not give rise to such a presumption, however, and we know of no case law that creates one. The general verdict rule guards against the threat of a tainted or improper verdict. See SEB S.A. v. Montgomery Ward & Co., 594 F.3d 1360, 1374 (Fed.Cir. 2010) ("Under the general verdict rule, where one or more of multiple claims is found legally invalid, a reviewing court must reverse and order a new trial if [the reviewing court is] unable to determine whether the invalid theory tainted the verdict.") (citation omitted), aff'd on other grounds, ___ U.S. ___, 131 S.Ct. 2060, 179 L.Ed.2d 1167 (2011). But, the burden to establish that such a threat exists is on the party challenging the verdict. Ecolab, 285 F.3d at 1373. SSL has not satisfied the burden of establishing that an error in any other claim construction could have changed the verdict here if we conclude, as we have, that the "destination address" in claim 27 of the '796 Patent means the "network address of a computer or server."

While SSL argued that the Citrix GoTo Products' identifiers would infringe under SSL's construction of "destination address" because they are "identifier[s] for a desired location," SSL did not argue in its opening brief to this court that the GoTo Products would still infringe under the district court's construction. See Appellant Br. 48-49. Not until its reply did SSL contend that the jury might have found that the Citrix GoTo Products met the destination address limitation as construed by the district court. Appellant Reply Br. 32-33. And, even then, SSL failed to point to testimony or evidence in the record upon which such a finding could be predicated.6 Accordingly, we find that SSL waived the argument that the jury could have found that the GoTo Products met the destination address limitation under the district court's construction. See SmithKline Beecham Corp. v. Apotex Corp., 439 F.3d 1312, 1319 (Fed.Cir.2006) ("Our law is well established that arguments not raised in the opening brief are waived." (citation omitted)).

Even if this argument was not waived, moreover, all relevant evidence supports the finding that the Citrix GoTo Products' identifiers7 are not "network addresses" that are intercepted during initialization of communications between the first and second client computer where the encrypted files are transmitted directly. First, there is no dispute that the Citrix GoTo Identifiers are not IP addresses. The GoTo Products, however, use IP-based protocols. Accordingly, the network addresses of the client computers running the GoTo Products necessarily are the respective IP addresses. Therefore, because the GoTo Identifiers are not the IP addresses of the client computers, the record commands the finding that the Citrix GoTo Products do not contain the "destination address" limitation. Second, the first client computer never knows the IP address of the second client computer based on the GoTo Identifiers. Only the intermediary, such as a broker or communications server, knows the second client computer's IP address. Accordingly, the GoTo Products could neither intercept nor provide the network address to direct the encrypted files. Because the GoTo Identifiers are not the IP address of the second client computer, the "destination address" limitation is simply not met. SSL proffers no facts or evidence to support a contrary conclusion. Consequently, we affirm the denial of SSL's motion for a new trial on infringement of the '796 Patent, without considering the "intercepting" and step order limitations.8

2. Prevailing Party

We review the district court's determination of whether a party is the "prevailing party" under Federal Rule of Civil Procedure 54(d) and 35 U.S.C. § 285 de novo. See Shum v. Intel Corp., 629 F.3d 1360, 1367 (Fed.Cir.2010); Inland Steel Co. v. LTV Steel Co., 364 F.3d 1318, 1320 (Fed.Cir.2004). In a patent case, Federal Circuit law governs the determination of which party has prevailed. 35 U.S.C. § 285 ("The court in exceptional cases may award reasonable attorney fees to the prevailing party."); Fed.R.Civ.P. 54(d)(1) ("Unless a federal statute, these rules, or a court order provides otherwise, costs — other than attorney's fees — should be allowed to the prevailing party"); Manildra Milling Corp. v. Ogilvie Mills, Inc., 76 F.3d 1178, 1182 (Fed.Cir.1996). To be the "prevailing party," we require: (1) that the party "received at least some relief on the merits," and (2) "[t]hat relief must materially alter the legal relationship between the parties by modifying one party's behavior in a way that `directly benefits' the opposing party." Shum, 629 F.3d at 1367 (citations omitted); see also Farrar v. Hobby, 506 U.S. 103, 111-12, 113 S.Ct. 566, 121 L.Ed.2d 494 (1992) ("[A] plaintiff `prevails' when actual relief on the merits of his claim materially alters the legal relationship between the parties by modifying the defendant's behavior in a way that directly benefits the plaintiff."). A party does not need to prevail on all claims to qualify as the prevailing party. See Kemin Foods, L.C. v. Pigmentos Vegetales Del Centro S.A. de C.V., 464 F.3d 1339, 1347-48 (Fed.Cir.2006).

The district court found that Citrix prevailed on non-infringement of the '796 Patent and SSL prevailed on willful infringement of the '011 Patent. Accordingly, the district court concluded that neither party is the prevailing party because "both parties achieved some success and sustained some failure." J.A. 62-63. It then held that each side shall bear its own costs. SSL asserts that it is the prevailing party as it obtained a judgment that Citrix willfully infringed the asserted claims of the '011 Patent. Citrix requests that we affirm the district court's conclusion that neither party prevailed and that the district court did not abuse its discretion in denying costs because Citrix "received greater relief by winning on the primary '796 patent." Appellee Br. 57.9

We find that the district court erred in holding that SSL was not the prevailing party. It is well-established that there is a distinction between being eligible for fees as the prevailing party and the discretionary decision to award fees. See Farrar, 506 U.S. at 111-13, 113 S.Ct. 566; Manildra, 76 F.3d at 1182-83. A party "prevails" when "actual relief on the merits of his claim materially alters the legal relationship between the parties ... in a way that directly benefits the [party]." Farrar, 506 U.S. at 111-12, 113 S.Ct. 566. For example, the Supreme Court in Farrar found that a plaintiff who won nominal damages was still the prevailing party because a judgment for damages in any amount modified the defendant's behavior to the plaintiff's benefit. Id. The Court explained that the degree of the overall success impacts only the reasonableness of the fee award. Id. Therefore, a district court may award minimal or no fees after considering the amount of success to the prevailing party. Id. at 115-16, 113 S.Ct. 566.

In this case, the district court found that SSL proved willful infringement of the three asserted claims of the '011 Patent by Citrix's Access Gateway and Netscaler Products. In light of this infringement finding, the jury awarded lump-sum damages of ten million dollars, which the district court enhanced to a total of fifteen million dollars. See SSL Servs., 940 F.Supp.2d at 486; J.A. 60. In contrast, while Citrix did obtain a finding of non-infringement as to claim 27 of the '796 Patent, it did not prove the asserted claims of the '011 Patent were invalid, and it was found to have infringed the '011 Patent.

Despite some success by Citrix in defending against some of SSL's claims, we agree with SSL that it is the prevailing party. SSL has a judgment for damages against Citrix. This judgment is a "relief on the merits [that] materially alters the legal relationship" of the parties. Farrar, 506 U.S. at 111, 113 S.Ct. 566; Manildra Milling Corp., 76 F.3d at 1182 ("[A] judgment for damages in any amount modifies the defendant's behavior to the plaintiff's benefit."). Even though SSL did not succeed on all of its infringement claims, this does not change the outcome. See Kemin, 464 F.3d at 1347-48 (upholding a district court's finding that a patent holder is the prevailing party when it "prevailed on one of its two infringement claims (resulting in a damages award and a permanent injunction)," and the patent holder "prevailed on [the accused infringer's] invalidity and unenforceability claims."). In view of the parties' respective successes, we find SSL is the "prevailing party" for purposes of Federal Rule of Civil Procedure 54(d) and 35 U.S.C. § 285.

Finding SSL to be the prevailing party, however, does not automatically entitle it to any particular level of fees. See Shum, 629 F.3d at 1366 ("An award of costs thus involves two separate inquir[i]es. First, who is the `prevailing party' within the meaning of Rule 54(d)(1). Second, how much (if any) costs should be awarded to the prevailing party." (citation omitted)). Accordingly, we vacate the district court's finding of no prevailing party and remand so that the district court may assess the amount of fees or costs to award to SSL in connection with the claims on which it prevailed.

C. Citrix's Cross-Appeal

On cross-appeal, Citrix argues that this court should grant JMOL of non-infringement or remand for a new trial on SSL's claims under the '011 Patent. Citrix raises several issues in its cross-appeal: (1) non-infringement based on the "encrypt files" limitation; (2) invalidity; (3) willful infringement; (4) the propriety of the district court's evidentiary ruling regarding expert reliance on the V-One Agreements; and (5) the award of prejudgment interest. We address these issues below.

1. The '011 Patent

a) "Encrypt Files"

The asserted claims of the '011 Patent include a limitation to "encrypt files." The district court construed the term as "to render a set of data used by a program unintelligible without decrypting." SSL Servs., 816 F.Supp.2d at 384-85. Citrix did not challenge this claim construction. In explaining its construction, the district court stated that "the term cannot be construed so broadly that it would include `packets,' `datagrams' or other types of communications. However, this does not mean that an accused device that encrypts packets automatically falls outside of the scope of the claims, but instead requires that at a minimum the encryption must occur at the file level." Id. Furthermore, the district court concluded "that one of ordinary skill in the art would interpret `files' as `a set of data used by a program.'" Id. at 385. The district court later denied Citrix's request for JMOL on non-infringement of the '011 Patent. SSL Servs., 940 F.Supp.2d at 485.

In considering Citrix's motion for JMOL of non-infringement, the district court found that the jury's infringement verdict — that the Access Gateway and Netscaler products "encrypt files" as construed by the court — was supported by substantial evidence. Id. at 494-95. In support, the court pointed to the testimony of SSL's expert and demonstrative slides, which provided evidence from which a jury could determine that the products encrypted files. Id.

Citrix argues that the jury's infringement verdict is not supported by substantial evidence that Citrix's Access Gateway and Netscaler products "encrypt files." Citrix focuses on the difference between encrypting files and encrypting "packets." It asserts that SSL's expert provided no evidence on the "encrypt files" limitation. SSL disagrees and states that the testimony of its expert combined with the exhibits shown to the jury provide substantial evidence to support finding that Citrix's products practice this limitation.

We agree that substantial evidence supports the jury's verdict of infringement. Although the district court distinguished between encrypting files and packets, it construed the term "encrypt files" as "to render a set of data used by a program unintelligible without decrypting." SSL Servs., 816 F.Supp.2d at 384. Citrix does not dispute this construction. The testimony of SSL's expert on the encryption of files supports the conclusion that the Access Gateway and Netscaler products do, in fact, "render a set of data used by a program unintelligible without decrypting."

SSL's expert, Dr. Kelly, testified that the Access Gateway and Netscaler products used encrypted communications, and that the data it sends over the Internet to the server is encrypted. Specifically, he explained that the data flows from an application through a shim to the Net6VPN.exe program where it is encrypted. Dr. Kelly also relied on demonstrative slides to show the flow of data from an application to the encryption program through a shim where that encrypted data is then sent to the server. Based on this evidence, we affirm the district court's denial of Citrix's motion for JMOL of noninfringement because we find substantial evidence to support the jury verdict of infringement of the claims of the '011 Patent.

b) Invalidity of the SSL Patents

On appeal, Citrix asserts that claims 2, 4, and 7 of the '011 Patent would have been obvious under Takahashi et al., "Communication Method with Data Compression and Encryption for Mobile Computing Environment" ("Takahashi") in view of Request for Comment on the Generic Security Service Application Program Interface (GSS-API) ("RFC1508"). The parties dispute whether: (1) Takahashi discloses applications level authentication and encryption software, and (2) RFC1508 discloses how to perform mutual authentication. Claims 2, 4, and 7 all require "applications level encryption and authentication software."10 '011 Patent col. 13 ll. 8-9, 52-53; col. 14 ll. 55-56.

A patent claim is invalid as obvious if the claimed invention as a whole would have been obvious to a person having ordinary skill in the art at the time of the invention. 35 U.S.C. § 103. Obviousness is a question of law based on specific factual findings, including: (1) the scope and content of the prior art; (2) differences between the claimed invention and the prior art; (3) the level of ordinary skill in the art; and (4) any relevant secondary considerations, including commercial success, long-felt but unsolved needs, and the failure of others. Graham, 383 U.S. at 17-18, 86 S.Ct. 684. We presume that the jury resolved the underlying factual disputes in favor of the verdict and review those factual findings for substantial evidence. Kinetic Concepts, 688 F.3d at 1356-57. A party must prove an invalidity defense by clear and convincing evidence. Microsoft Corp. v. i4i Ltd. P'ship, ___ U.S. ___, 131 S.Ct. 2238, 2242, 180 L.Ed.2d 131 (2011). We review the ultimate legal conclusion of obviousness de novo in light of the underlying factual findings. Kinetic Concepts, 688 F.3d at 1356-57.

Citrix argues that the district court erred in denying JMOL on invalidity based on Takahashi in view of RFC1508. While Citrix asserts that Takahashi discloses the use of encryption software at the applications level, SSL argues that the district court correctly denied JMOL on invalidity of the '011 Patent as Takahashi does not disclose the use of authentication and encryption software on the applications level. The district court agreed with SSL and found that the object identified in Takahashi was not on the applications level. SSL Servs., 940 F.Supp.2d at 499-500.

We agree with SSL that substantial evidence supports the finding that Takahashi does not disclose the authentication and encryption software at the applications level. Takahashi discloses a "Communication Method with Data Compression and Encryption for Mobile Computing Environment." J.A. 6865. This method uses a "secure communication add-in program" to perform encryption. J.A. 6866. This secure communication add-in program "intercepts the send command of the application program from WinSock API, compresses its data in the send command, encrypts the data, and then returns this command to WinSock DLL, which is properly transferred." J.A. 6866-67.

Takahashi Figure 8 (reproduced below) discloses the program structure for the compression and encryption methods.

J.A. 6870. Looking at this figure, SSL's expert testified that the encryption software is not located at the applications level. J.A. 2368-70. The figure shows the applications (AP) separate from the "Compress and Encryption process." J.A. 6870.

Citrix argues that the software in Takahashi is on the applications level because it is above the TDI layer. Appellee Br. 63. We disagree. That software is located above the TDI level does not make it part of the applications level. For example, the '011 Patent explains that the Winsock element is located above the TDI level, but the Winsock is not deemed part of the applications level. See J.A. 110 (col. 3 ll. 60-64). SSL's expert also testified that the Winsock software, which appears above the TDI level, is not in the applications level. J.A. 1261-63. Therefore, Citrix's argument that, if Takahashi discloses software above the TDI layer, it is automatically a part of the applications level is unpersuasive. Furthermore, as seen in Figure 8, Takahashi separates the applications from the encryption software at issue. Because we find substantial evidence exists that Takahashi does not disclose an applications level authentication and encryption software, we do not address whether RFC1508 discloses mutual authentication. Therefore, we affirm the district court's denial of JMOL for invalidity because Citrix did not show by clear and convincing evidence that claims 2, 4, and 7 were invalid as obvious by Takahashi in view of RFC1508.

c) Willful Infringement

To establish willful infringement, the patent holder must show clear and convincing evidence that: (1) "the infringer acted despite an objectively high likelihood that its actions constituted infringement" and (2) "that this objectively-defined risk ... was either known or so obvious that it should have been known to the accused infringer." In re Seagate Tech., LLC, 497 F.3d 1360, 1371 (Fed.Cir. 2007) (en banc). We review the first objective prong de novo and the second subjective prong for substantial evidence. See Bard Peripheral Vascular, Inc. v. W.L. Gore & Assocs., 682 F.3d 1003, 1005-08 (Fed.Cir.2012), cert. denied, ___ U.S. ___, 133 S.Ct. 932, 184 L.Ed.2d 752 (2013).

The district court first found that Citrix acted despite an objectively high likelihood that its actions constituted infringement of a valid patent. The jury then addressed the subjective prong — whether Citrix actually knew or should have known that its actions constituted an unjustifiably high risk of infringement of a valid and enforceable patent. The jury found that Citrix willfully infringed the '011 Patent. For the following reasons, Citrix has failed to show that the district court erred in denying its motion for JMOL regarding willful infringement. Accordingly, we affirm the district court's willful infringement determination.

(1) Objective Prong

In concluding that Citrix acted despite an objectively high likelihood that its actions constituted infringement of a valid patent, the district court found that Citrix's alleged defenses of invalidity and non-infringement were not reasonable.

Citrix argues that, because its non-infringement and invalidity defenses were reasonable, the district court erred in denying JMOL of no willful infringement. In support, Citrix relies on the fact that the district court did not grant summary judgment and that the United States Patent and Trademark Office ("USPTO") rejected the relevant claims of the '011 Patent multiple times over the same prior art references presented at trial during the initial phases of an ex parte reexamination. SSL responds that it satisfied its burden of proving that Citrix's defenses of non-infringement and invalidity were objectively unreasonable. SSL contends that there was ample evidence presented at trial, including expert testimony, which shows Citrix's non-infringement defense based on the "encrypt files" limitation and its invalidity defenses involving Takahashi were meritless. SSL further argues that the ex parte reexamination supports its own position that Citrix acted unreasonably because the USPTO ultimately rejected Citrix's invalidity arguments under the lower preponderance of the evidence standard. SSL asserts that if Citrix was unable to prove the '011 Patent was invalid under the lower preponderance of the evidence standard employed by the USPTO, it is unreasonable for Citrix to re-raise such arguments under the clear and convincing standard at the district court.

The district court's finding that SSL met the threshold objective prong is supported by the record. The jury soundly rejected Citrix's invalidity argument and non-infringement arguments. As noted above, the Takahashi reference does not disclose an applications level encryption program. Although not dispositive, the USPTO similarly found Citrix's invalidity arguments unfruitful, despite the lower preponderance of the evidence standard. Further, we recognize that most of the limitations for the asserted claims of the '011 Patent were uncontested. And we find that infringement of the only limitation raised on appeal of "encrypt files" was clearly supported by substantial evidence. Accordingly, we agree with the district court that SSL satisfied the objective prong.

(2) Subjective Prong

After the district court found the objective prong satisfied, it submitted the issue of willful infringement to the jury. The jury returned a verdict finding that Citrix willfully infringed the relevant claims of the '011 Patent. SSL and the district court pointed to several items to support the jury's finding of willfulness, including the V-One Agreements, V-One executives' confirmation of Citrix's knowledge of the '011 Patent, Citrix's full access to the V-One technology, and a Citrix executive's admission of knowledge of the '011 Patent based on the V-One Agreements.

Citrix disagrees, claiming that substantial evidence does not support the subjective prong of willfulness. It asserts that there is no evidence that anyone at Citrix had read the '011 Patent nor that Citrix should have investigated that patent regarding Access Gateway and Netscaler. Further, it states that the V-One Agreements were only distribution agreements for the SmartGate product, which did not embody the '011 Patent.

We agree that SSL presented substantial evidence that Citrix knew of the objectively high risk that its products infringed the asserted claims of the '011 Patent. SSL presented evidence that Citrix first became aware of the '011 Patent in 2000 based on the V-One Agreements. SSL Servs., 940 F.Supp.2d at 504. Citrix negotiated and executed the agreements with V-One. Id. The V-One Agreements specifically identified and incorporated the '011 Patent. Id. Furthermore, a former Citrix executive, Bill Mangum, testified that he knew of the '011 Patent as a result of Citrix's relationship with V-One. Id. A V-One executive also testified that Citrix knew of the '011 Patent and that V-One had provided Citrix with access to its technology relating to the '011 Patent. Id. Based on this evidence, we do not find that the district court erred in denying Citrix's motion for JMOL on the subjective prong of SSL's claim of willful infringement.

Citrix argues that it should receive a new trial on willfulness because the court prevented the jury from hearing fact testimony from its Chief Engineer, Marco Murgia, that: (1) Citrix believed in good faith that its products were non-infringing; and (2) that reexamination proceedings had been initiated at the PTO. The district court held that Murgia could not opine on whether the accused products infringed claims of the '011 Patent to support Citrix's good faith belief of non-infringement. SSL Servs., 940 F.Supp.2d at 500-01. Specifically, the district court found that "it would be significantly prejudicial to allow a fact witness[ ] to testify as to his opinions on the issues of infringement and validity, particularly when the testimony expressing such an opinion would be rendered without regard for how this Court has construed the claims." Id. at 500. The district court also precluded testimony on the then ongoing reexaminations, stating that its limited probative value (as the proceedings were still ongoing at that time) was substantially outweighed by its prejudicial effect. Id. at 501. We find that the district court did not abuse its discretion in precluding Murgia's testimony on these items.

As mentioned above, we review a district court's exclusion of evidence under the law of the regional circuit. Where evidence is excluded because its probative value is outweighed by its potential prejudice under Rule 403 of the Federal Rules of Evidence, the Fifth Circuit reviews the trial court's determination for "clear abuse of discretion" resulting in substantial prejudice. Wellogix Inc. v. Accenture LLP, 716 F.3d 867, 882 (5th Cir.2013). We cannot say the district court abused its discretion in excluding this evidence. As for Murgia's personal beliefs regarding non-infringement, the fact that they were beliefs formed by a lay person without the benefit of the court's claim construction determinations rendered them of little probative value and potentially prejudicial.

The same is true with respect to the evidence of activity in an ongoing reexamination. As we noted recently, "this court's precedent has often warned of the limited value of actions by the PTO" to establish a good faith belief of invalidity. VirnetX, Inc. v. Cisco Sys., Inc., No. 13-1489, 767 F.3d 1308, 1324, 2014 WL 4548722, at *12 (Fed.Cir. Sept. 16, 2014) (citing Hoechst Celanese Corp. v. BP Chems. Ltd., 78 F.3d 1575, 1584 (Fed.Cir. 1996) ("[G]rant by the examiner of a request for reexamination is not probative of unpatentability.") and Acoustical Design, Inc. v. Control Elecs. Co., 932 F.2d 939, 942 (Fed.Cir.1991) ("[I]nitial rejection by the [PTO] ... hardly justifies a good faith belief in the invalidity of the claims.")). As we did in VirnetX, we conclude that the district court did not abuse its discretion in finding that the probative value of unfinished agency proceedings was substantially outweighed by the risk of unfair prejudice to the patentee and the potential for misleading the jury, thereby justifying exclusion under Federal Rule of Evidence 403. See, e.g., SynQor, 709 F.3d at 1380 (finding no abuse of discretion for excluding non-final reexamination evidence as being "confusing and more prejudicial than probative"); Callaway Golf Co. v. Acushnet Co., 576 F.3d 1331, 1342-43 (Fed.Cir. 2009) (finding the probative value of a copending reexamination marginal and the effect likely to be highly prejudicial). For these reasons, we affirm the district court's exclusion of this evidence.

d) Evidentiary Ruling on Damages

Again applying Fifth Circuit law, we review evidentiary rulings and the denial of a motion for a new trial for an abuse of discretion. Huss, 571 F.3d at 452; Paz, 555 F.3d at 387-88. Citrix argues that the district court abused its discretion by allowing SSL's damages expert to rely on the V-One Agreements, which were not patent licenses, in his damages analysis. These 2000 and 2001 agreements were between V-One and Citrix, and referenced the '011 Patent as intellectual property that was relevant to the technology underlying the agreements. Though the agreements only supplied Citrix with distribution rights to the Smartgate software product and provided no patent license, the court found the agreements "sufficiently `comparable' to be probative of the hypothetical negotiation" as they involve the actual parties, relevant technology, and were close in time to the date of the hypothetical negotiation. SSL Servs., 940 F.Supp.2d at 489-90. The district court also concluded that the information in the licenses was relevant to other Georgia Pacific factors, including V-One's licensing policies and the parties' respective competitive positions. Id. at 490; Georgia-Pacific Corp. v. U.S. Plywood Corp., 318 F.Supp. 1116, 1120 (S.D.N.Y. 1970).

Although both sides used the V-One Agreements in their analyses,11 Citrix now contends that SSL should not have been allowed to rely on these agreements. But Citrix's own expert stated that these agreements were the closest comparable information for a hypothetical negotiation that he could find. SSL Servs., 940 F.Supp.2d at 490. And, SSL's expert expressly addressed the differences between the license negotiations and any hypothetical negotiations, thereby clarifying for the jury where such differences might exist and the limited value of such evidence.

As the district court concluded, the V-One agreements are sufficiently probative of the circumstances which would surround a hypothetical negotiation to be admissible. We do not discount all agreements regarding the technology at issue other than licenses addressing the price terms and circumstances at issue in the case at bar. The trial court carefully assessed the probative value of the V-One agreements and properly concluded that any issues regarding their fit to the precise facts presented should be addressed by way of cross-examination. We agree. In these circumstances, we find that the district court did not abuse its discretion in allowing SSL's expert to rely on the V-One Agreements.

e) Prejudgment Interest

"Upon finding for the claimant the court shall award the claimant damages adequate to compensate for the infringement, but in no event less than a reasonable royalty for the use made of the invention by the infringer, together with interest and costs as fixed by the court." 35 U.S.C. § 284. "[P]rejudgment interest should be awarded under § 284 absent some justification for withholding such an award." Gen. Motors Corp. v. Devex Corp., 461 U.S. 648, 657, 103 S.Ct. 2058, 76 L.Ed.2d 211 (1983). The purpose of prejudgment interest is to place the patentee in as good a position as he would have been had the infringer paid a reasonable royalty rather than infringe. Beatrice Foods v. New England Printing, 923 F.2d 1576, 1580 (Fed.Cir.1991). We review the award of prejudgment interest for an abuse of discretion. Gen. Motors Corp., 461 U.S. at 657, 103 S.Ct. 2058.

The district court awarded prejudgment interest in the amount of $4.5 million calculated to 2004, when the infringement began. Citrix alleges that awarding prejudgment interest was an abuse of discretion because it did not receive notice of potential infringement until the filing of the complaint in May 2009. It asserts that SSL delayed bringing the lawsuit, and should not be rewarded for that delay. As part of the willful infringement finding discussed above, however, the district court found that Citrix knew of the '011 Patent as early as 2000, when it entered into the V-One Agreements. Consequently, we find that the district court did not abuse its discretion in awarding prejudgment interest back to 2004 — the date the infringement began. By awarding SSL prejudgment interest to 2004, the district court placed SSL in the position it would have been in had Citrix paid a reasonable royalty upon notice of the '011 Patent and its relevance to the technology it chose to market.

III. CONCLUSION

For the reasons stated above, we affirm the district court's judgment of non-infringement of the '796 Patent, willful infringement of the '011 Patent, no invalidity of the '011 Patent, award of prejudgment interest, and find no error in its evidentiary rulings. We also vacate the district court's finding of no prevailing party and remand for further proceedings consistent with this opinion.

AFFIRMED-IN-PART, VACATED-IN-PART, AND REMANDED.

FootNotes


1. The parties agreed that a "session key" is "a sequence of bits that is input into an encryption algorithm to encrypt data for a session." SSL Servs., LLC v. Citrix Sys., Inc., 816 F.Supp.2d 364, 372 (E.D.Tex.2011).
2. An example of a function call or request for service is an instruction to "connect" to another client computer. Appellee Br. 12.
3. GoToMeeting is materially the same as GoToWebinar and GoToTraining. Joint Appendix ("J.A.") 4017. Therefore, we address all of these products together as part of GoToMeeting.
4. The parties also dispute the propriety of the trial court's construction of the term "intercepting" as used in the '796 Patent and whether there is a step order required for practicing the method claimed. For reasons explained below, we do not resolve the parties' debate on those terms.
5. We specifically conclude that Verizon does not, as Citrix contends, stand for the proposition that a general verdict of non-infringement may be affirmed upon a decision that the district court's challenged construction of even one claim term relating to a single claim limitation is correct. That is so only, where, as here, there is no argument and no evidence that substantial evidence might have supported a finding of non-infringement under the first challenged construction which we consider.
6. While SSL cites to the trial court's refusal to grant summary judgment or otherwise take the question of infringement from the jury, those orders are not the same as record evidence.
7. MeetingID, SessionID, MachineNameKey, or QuickConnectID (collectively, "GoTo Identifiers").
8. We do not imply that the trial court's construction of those terms was erroneous, we simply do not reach those questions.
9. Citrix does not argue that the trial court erred in denying it prevailing party status, only that it was correct to find that neither party is a prevailing party in the circumstances at issue here.
10. Claim 7 uses slightly different wording of an "applications level authentication and encryption program." '011 Patent col. 14 ll. 55-56.
11. Citrix's damages expert used a 1% royalty rate based on the V-One Agreements, whereas SSL's damages expert used a 2.5 to 3% royalty rate based on those same agreements.
Source:  Leagle

Can't find what you're looking for?

Post a free question on our public forum.
Ask a Question
Search for lawyers by practice areas.
Find a Lawyer