ORDER DENYING MOTION FOR SUMMARY JUDGMENT OF NON-INFRINGEMENT
RONALD M. WHYTE, District Judge.
F5 Networks, Inc. alleges infringement of U.S. Patent Nos. 6,437,802 ("`802 patent"); 7,831,712 ("`712 patent"); 8,103,770 ("`770 patent"); and 8,392,563 ("`563 patent") against plaintiffs and counterclaim-defendants Radware, Inc. and Radware Ltd. On August 10, 2015, Radware filed a motion for summary judgment of non-infringement of the F5 patents. Dkt. No. 240. F5 opposed the motion, and Radware replied. Dkt. Nos. 244, 248-2. F5 then filed a motion for leave to file a surreply. Dkt. No. 250, 251. F5's motion for leave to file a surreply is granted.
For the reasons set forth below, Radware's motion for summary judgment is denied.
I. BACKGROUND
The F5 asserted patents1 relate to load balancing between servers on a network. An HTTP cookie is used "for the purpose of persistently directing HTTP connections to the same destination." `802 patent, col.5, ll.46-47. Many data transmissions use HTTP, an application level protocol for transferring resources across the Internet. `802 patent col.5 ll.52-54. A server, when returning a web page or other HTTP object to a client, may also send a piece of "state" information that the client's web browser may store. Id. col.6 ll.1-3. This state object is called a "cookie," for no compelling reason. Id. col.6 ll.8-9. A cookie may be used, for example, to send back registration information so that a user does not have to retype a user ID number or indicate specific preferences each time the user connects to a website or service. Id. col.6 ll.10-18.
To meet user demand, some content providers host copies of content and applications on multiple servers. A device such as a "server array controller," in the language of F5's patents, might then balance the load among the servers. See `802 patent col.l ll.26-34. In some cases, however, the saved state of the relationship between a client and server may create a load balancing problem. Id. col.6 ll.39-41. For example, each server that is managed by a server array controller may not share the same state relationship with a given client. Id. col.6 ll.41-44. In that case, the controller must persistently send a repeated client HTTP request to the same node server because it is difficult to recreate the same state relationship in another server during the HTTP request/response session. Id. col.6 ll.44-47. The claimed inventions allow a network device to balance load and route clients to the proper server based on information in a cookie.
All four F5 patents share substantially the same specification, and the specifications disclose four distinct modes of operation—associative, passive, insert, and rewrite. These four modes are significant because the parties agree that Radware is licensed to practice two of the four modes described in the patent specifications—the associative mode and the passive mode. See Dkt. No. 240 at 3; Dkt. No. 244 at 4-5. F5 asserts infringement of the unlicensed insert and rewrite modes. Dkt. No. 51-1 at 4-5.
In associative mode, illustrated in Figures 3A and 3B of the asserted patents, the server array controller inserts a cookie with information uniquely identifying the client into the HTTP response's header. `802 patent col.9 ll.39-42. Alternatively, the selected node server may include a cookie command in the HTTP response's header that contains blank information, after which the server array controller will rewrite this blank information with information that uniquely identifies the client. Id. col.9 ll.44-49. The server array controller maps the identified client and the address of the selected node server into a table that is stored in the memory of the controller. Id. col.9 ll.50-53. The other modes do not employ a mapping table that maps client identifiers to selected servers.
Unlike the associative mode, the passive, rewrite, and insert modes generate cookies containing server identifiers, not client identifiers. In passive mode, illustrated in Figures 4A and 4B of the asserted patents, the selected node server generates an HTTP response that includes cookie information identifying the selected node server. Id. col. 10 ll.59-62. The server array controller provides this HTTP response to the client. Id. col.10 ll.65-66. In rewrite mode, illustrated in Figures 5A and 5B of the asserted patents, the selected node server generates an HTTP response that includes a cookie with a blank field without information identifying the selected node server. Id. col.11 ll.55-59. The server array controller then rewrites the blank cookie information to identify the node server and passes the HTTP response with the rewritten cookie information to the client. Id. col.11 ll.61-66. In insert mode, illustrated in Figures 6A and 6B of the asserted patents, the selected node server does not write a cookie. Instead, after the node server provides an HTTP response to the server array controller, the server array controller inserts cookie information identifying the selected node server into the HTTP response and passes it to the client. Id. col.12 l.60-col.13 l.4. In the insert mode, all of the load for inserting and examining cookie information and rewriting data packets is placed on the server array controller, and none is placed on the node servers. Id. col.13 ll.39-43.
The parties agree that there is only one accused product—the version of Radware's Alteon product charted in F5's February 28, 2014 infringement contentions. See Dkt. No. 240 at 12; 244 at 1, n.1. The parties also agree that each cookie in the accused product contains four pieces of information:
• CIP (client IP address) — 8 bytes for IPv4, 32 bytes for IPv6
• VIP (virtual server IP address) or NAT IP — 8 bytes for IPv4, 32 bytes for IPv6
• randomid — 8 bytes
• RPORT — 4 bytes
Dkt. No. 239-4 at 18-19 (citing F5's infringement contentions). F5's infringement contentions state that Alteon "selects the randomid in a manner ensuring that the hash of the randomid (using the one_way_hash_cookie() function) is the rindex that identifies the destination real server for the session." Id. Radware argues that it is entitled to summary judgment of non-infringement because Alteon "does not include a Cookie with Server ID information" and therefore "does not perform the unlicensed insert or rewrite modes, but, at best, performs the licensed associative mode."2 Dkt. No. 240 at 20, 17.
II. ANALYSIS
Summary judgment is proper where the pleadings, discovery, and affidavits demonstrate that there is "no genuine dispute as to any material fact and the movant is entitled to judgment as a matter of law." Fed. R. Civ. P. 56(c); see also Celotex Corp. v. Catrett, 477 U.S. 317, 322 (1986). At the summary judgment stage, the Court "does not assess credibility or weigh the evidence, but simply determines whether there is a genuine factual issue for trial." House v. Bell, 547 U.S. 518, 559-60 (2006). Material facts are those which may affect the outcome of the case. Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 248 (1986). A dispute as to a material fact is genuine if there is sufficient evidence for a reasonable jury to return a verdict for the nonmoving party. Id.
In this case, there is no dispute that the cookie information in the associative mode "uniquely identifies the client," while the cookie information in the insert and rewrite modes "identifies the selected node server." See `802 patent, col. 9 ll. 47-48; col. 10 ll. 30-31; col. 12 ll. 21-22; col. 12 ll. 64-66. There is, however, a material dispute about whether the randomid value of Alteon's cookies necessarily implicates the associative mode. There is a similar dispute as to whether Atleon's cookies contain the server identification information required by the claims. Therefore, summary judgment is not appropriate.
A. Whether Alteon Operates in Associative Mode
Radware asserts that the randomid of the Alteon cookie uniquely identifies the client, and that the Alteon uses this value to look up the associated server in a table. Dkt. No. 240 at 3. Specifically, Radware argues that the randomid is "analogous to the `CustID' described in Figure 7E of the patents-in-suit . . . used in the licensed `associative' mode," and that the randomid is hashed to generate a rindex, which in turn "points the server array controller to look in a table (the `Real Address Table' or `RAT') to locate the IP address of the previously selected node server." Dkt. No. 239-6 ¶ 36; Dkt. No. 248-3 at 7. F5 and its expert Dr. Alexander, however, disagree with this view, asserting that the randomid "does not uniquely identify a client, so it is not the client information required by the associative mode" and that the "RAT is not associative because it does not map unique client identifiers to selected servers." Dkt. No. 243-6 ¶ 14; Dkt. No. 249-6 at 3. The court finds that Radware has not shown a lack of dispute about whether Alteon uses a table to map a unique client identifier to a destination server.
In its motion, Radware argues that F5's infringement contentions "identify an Alteon cookie that utilizes a hash function to lookup the real server ID in a table." Dkt. No. 239-4 at 19. F5 responds that "nothing in the claims or the specification of the F5 cookie patents excludes the use of a table with the server identifier in insert and rewrite mode implementations," and F5 points out that the specification references the use of hash values—which may be used in conjunction with tables to represent destination server information—without limiting their use to any particular mode or modes:
Additionally, it is envisioned that a unique identification of a client or a destination may be represented as encoded information in the Cookie. The result of an equation or a hash value . . . may be used to encode the destination uniquely identified in the Cookie. A hash value (or simply hash) is a number generated from a string of text. . . . A hash provides a quickly determinable value in the Cookie for identifying a relationship between the client and the destination.
Dkt. No. 244 at 8-9 (quoting `802 patent, col.16 ll. 4-20).
In Radware's reply, Radware and Dr. Rubin clarify their position that although a hash function may be used in all four modes, "if the result of the hash is an index to an external table" for determining the IP address of the destination server, then the associative mode is implicated. Dkt. No. 248-2 at 6-7. Radware identifies the Real Address Table ("RAT") in Alteon as the external table used to map the hashed randomid value, or rindex, to the server's real IP address. Dkt. No. 248-3 at 9. Although F5 concedes "there is no mapping between particular clients and servers" in the unlicensed modes, F5 maintains that "there could be mapping, including a table that correlates a particular server identifier with the actual address of the corresponding server on the network" in either the insert or rewrite mode. Dkt. No. 243-3 at 3. F5's expert, Dr. Alexander, declared that the RAT "would not make the implementation associative mode, because among other reasons, the table does not use client information to identify the destination server." Dkt. 243-6 ¶ 17; see also Dkt. No. 243-3 at 8. F5's view is that the "RAT is a table mapping two forms of server identification information, the hashed randomid (or rindex) of the server and the server's real ID." Dkt. No. 249-6 at 3. Therefore, crux of the dispute is whether the randomid uniquely identifies a client.
Radware relies on a reference from F5's infringement contentions describing randomid as "an 8-byte random client ID value." Dkt. No. 248-3 at 3, 12 (emphasis added). However, the Alteon documentation also describes rewriting the cookie value so that it "represents the responding server," either as a "value that can be used for hashing into a real server ID" or the "real server IP address." Dkt. No. 243-3 at 9 (emphasis added); see also Dkt. No. 239-7 at 19 ("Alteon device rewrites the cookie to contain a server ID for hashing on subsequent requests."). And F5's infringement contentions contain source code analysis suggesting that the randomid identifies a server. Dkt. No. 249-6 at 2; Dkt. No. 239-7 at 21 ("A generated `cookie' (randomid value) therefore identifies an associated real server, which is the server identified by the rindex produced by passing the `cookie' (randomid value) through the one_way_hash_cookie() function.").
The court finds nothing in the insert and rewrite mode disclosures of the specification that precludes the use of a table for a purpose other than mapping a unique client identifier to a destination server. The experts disagree about whether randomid uniquely identifies the client, and the product documentation cited in F5's infringement contentions is ambiguous. Therefore, a material dispute remains about whether Alteon operates in the associative mode.
B. Whether Alteon's Cookie Contains Server Identification Information
Radware also argues that the accused product cannot infringe because it does not store `server information' in its cookie. Dkt. No. 240 at 3, 12. Radware contends that the accused product cannot infringe any of the asserted claims because each asserted claim requires similar server identification information. Dkt. No. 240 at 22.
F5, on the other hand, contends that the "accused version of Alteon practices the insert and rewrite modes by utilizing cookies with `server identification information,'" Dkt. No. 244 at 1; see also Dkt. No. 243-3 at 8-9 (citing Dkt. No. 243-6, Alexander Decl.). The court is not persuaded by F5's argument that the terms "insert" and "rewrite" as recited in the Alteon manual necessarily implicate the modes disclosed in the patent, but, as explained above, F5 cites to portions of the Alteon manual suggesting that the cookie value "represents the responding server." Dkt. No. 243-3 at 9; see also Dkt. No. 239-7 at 19 ("Alteon device rewrites the cookie to contain a server ID"). Furthermore, F5's source code analysis suggests that that the randomid identifies a server. Dkt. No. 249-6 at 2; Dkt. No. 239-7 at 21). F5's opposition is supported by Dr. Alexander's opinion that the randomid that hashes to the rindex that "identifies the selected real server."3 Dkt. No. 243-6 ¶ 17.
F5 also argues that the "virtual server IP address" value in the Alteon cookie may meet the server identification information claim limitations. Dkt. No. 243-3 at 7; Dkt. No. 249-6 at 3. Radware does not address the virtual IP address in its briefing, but Dr. Rubin opines in his declaration that the "`virtual sever IP address' or VIP refers to the `virtual' address of the server as opposed to its `real' IP address," explaining that "networking devices use the server's virtual address, instead of its `real' address, to communicate with other devices outside of the network" while the real IP address is "disclosed only within the internal network." Dkt. No. 239-6 ¶ 34. In the absence of any discussion of the claim elements, Dr. Rubin's conclusion is not sufficient to show that the virtual IP address could not identify the server.
In sum, Radware has not met its burden to show that there is no dispute that Alteon cookies do not contain "identification data for identifying the selected server," information that "comprises a server identifier," or "information indicating one of the plurality of [destination] servers," as required by the claims.
III. CONCLUSION
For these reasons, the court denies Radware's motion for summary judgment of non-infringement.
The court has filed an unredacted copy of this order under seal. If a party believes that any portion discloses confidential information, it must file a version of the order with the proposed redaction and provide a declaration setting forth the bases for asserting confidentiality. The declaration and proposed redactions may be filed under seal. The court will evaluate any such confidentiality contention and make a decision whether to approve the proposed redaction or to remove it, thus rendering the underlying content public. Any proposed redactions and declarations in support must be filed by November 20, 2015.
IT IS SO ORDERED.
