BETH LABSON FREEMAN, United States District Judge.
Before the Court are the parties' respective motions for summary judgment. Plaintiff Finjan, Inc. ("Finjan") seeks summary judgment that Defendant Blue Coat Systems, Inc.'s ("Blue Coat") Internet security software products infringe one of its patents and that several of its patents are not invalid. Blue Coat seeks summary judgment that certain of its products do not infringe several of Finjan's patents. After careful consideration, Finjan's Motion for Summary Judgment is GRANTED IN PART and DENIED IN PART and Blue Coat's Motion for Summary Judgment is GRANTED IN PART and DENIED IN PART.
Finjan asserts ten patents against Blue Coat: U.S. Patent No. 8,677,494 ("the '494 patent"); U.S. Patent No. 8,566,580 ("the '580 patent"); U.S. Patent No. 8,079,086 ("the '086 patent"); U.S. Patent No. 8,225,408 ("the '408 patent"); U.S. Patent No. 6,154,844 ("the '844 patent"); U.S. Patent No. 6,965,968 ("the '968 patent"); U.S. Patent No. 7,418,731 ("the '731 patent"); U.S. Patent No. 9,141,786 ("the '786 patent"); U.S. Patent No. 9,189,621 ("the '621 patent"); and U.S. Patent No. 9,219,755 ("the '755 patent") (collectively, "the Asserted Patents"). Broadly speaking, the patents relate to two technology areas: (1) content-based security, and (2) secure sockets layer ("SSL") communication.
At a high level, content-based security identifies, isolates, and neutralizes actually or potentially malicious code in files downloaded from the Internet based on the detected behavior and characteristics of the code in those files, rather than scanning and maintaining a list of known viruses and actual malicious code signatures.
The '844 patent claims a system and methods of network protection where an inspector reviews a "Downloadable" for suspicious code or behavior according to a set of rules. '844 patent, col. 2 ll. 3-19. A
The '494 patent also relates to inspecting a "Downloadable" for suspicious behavior. '494 patent, Abstract. Its claims, however, are directed to a narrower aspect of this, which involve the solution of: (1) intercepting an incoming Downloadable; (2) scanning the Downloadable and deriving "security profile data," which includes "a list of suspicious computer operations that may be attempted by the Downloadable;" and (3) storing the "security profile data" in a "database." Id., col. 21 l. 20, col. 22 l. 8.
The '086 patent also concerns a discrete aspect of inspecting a "Downloadable" for suspicious behavior. '086 patent, Abstract. Similar to the '494 patent, its claims recite (1) receiving an incoming Downloadable and (2) scanning it and deriving "security profile data," which includes "a list of suspicious computer operations that may be attempted by the Downloadable." Id., col. 22 ll. 9-15. However, instead of storing the "security profile data" in a database, the '086 patent claims "transmitting the Downloadable and a representation of the Downloadable security profile data to a destination computer." Id., col. 22 ll. 16-20.
The '731 patent describes systems and methods of operating computer and network gateways that protect an intranet of computers. '731 patent, Abstract. The claimed inventions provide for caching of security information and policies at the gateway. Id. This caching of specific types of security profiles and security policies mitigates network latency — delay in the transmission of data — caused when the gateway processes downloadable information to protect intranet devices. Id., col. 1 ll. 55-67.
The '968 patent is directed to policy-based caching, and more specifically to the management of multiple caches. '968 patent, Abstract. Content from the Internet can be cached so that the same web page does not have to be retrieved each time a user on the network requests the page. See id., col. 3 ll. 34-40. However, users on the same network can also have different security policies — sets of rules that govern whether a file is allowed through the security filter. Id., col. 4 ll. 14-19. The '968 patent provides a system and method of managing cached content in relation to multiple security policies by, inter alia, providing a "policy-based index ... indicating allowability of cached content relative to a plurality of policies" that can be easily utilized by a cache manager to determine whether cached content is allowable for different requesting users. Id., col. 1 l. 63-col. 2 l. 11.
The '786 patent provides systems and methods for protecting devices on an internal network from code, applications, and/or information downloaded from the Internet that performs malicious operations. '786 patent, Abstract. At a high level, the disclosed embodiments describe a protection engine that generally resides on a network server and inspects incoming downloads for executable code. Id., col. 2 l. 20-col. 3 l. 4. Upon detection of executable code, the protection engine deploys "mobile protection code" ("MPC") and protection policies to the download destination. Id., col. 3 ll. 5-21. MPC is "code that, at runtime, monitors or intercepts actually or potentially malicious code operations." ECF 180 at 1;
The '621 and '755 patents relate to the use of operating system probes to monitor the behavior of a system during runtime. '621 patent, col. 21 ll. 33-53; '755 patent, col. 22 ll. 30-63. Certain detected information or operations can be compared against a security policy and, as appropriate, trigger responsive action. Id.
The '408 patent is directed towards using a "parse tree" to scan content to detect malicious code, known as exploits. '408 patent, Abstract. A "parse tree" is "a hierarchical structure of interconnected nodes built from scanned content." ECF 180 at 2. When the system of the '408 patent receives an incoming stream of content to be scanned, it sequentially reads in tokens
SSL is a protocol that is used to send encrypted, secure communications between a client and a server. Id., col. 1 ll. 10-12. In order to set up a secure SSL connection, the client and the server must first perform a series of initial exchanges, commonly referred to as the "SSL handshake." Ex. 5 to Blue Coat Mot. at BC2-0024371, ECF 225-5; Ex. 21 to Blue Coat Mot. at 16:11-19:15, ECF 226-24; Ex. 17 to Finjan Opp. at BC2-0778678, ECF 240-26. The handshake begins when the client sends a request to initiate an SSL connection, or a "client hello." Id. The server then sends the client a certificate verifying its identity and the server's public key, which the client can use to encrypt the information it sends to the server. Id. The encrypted information can be decrypted by a private key, which only the server knows. Id. After this exchange of information, the client and server share an SSL connection because the client can send encrypted information (using the server's public key) which only the server knows how to decrypt. See id.
The '580 patent relates to methods and systems for efficiently providing an SSL connection between a client and server where one or several intermediate gateway computers lie in the transmission path. '580 patent, Abstract. Prior art solutions enabled SSL communication between a client and a server in these networks by maintaining an SSL connection at every step in the transmission chain:
Id., Fig. 1(c), col. 1 ll. 21-37. Unfortunately, the additional SSL connections meant "additionally degrade[d] performance and cause[d] additional latency." Id., col. 1 ll. 35-37.
The '580 patent purports to solve this problem by "splitting" the SSL connection between the client and the server, so that the client and the server can communicate using SSL without requiring an SSL connection throughout. Id., Fig. 2, col. 3 l. 62-col. 4 l. 5.
Setting up this split SSL connection works as follows: a client sends a request to initiate an SSL connection (i.e., a "client hello"), which gets received by the next computer in the chain, the first security computer. Id., col. 4 ll. 36-38, col. 5 ll. 28-30. The first security computer passes this request to the intermediate third party gateway computer, which passes it to the second security computer, which passes it to the server. Id., col. 4 ll. 37-57, col. 5 ll. 30-64. Once the server receives the request, it responds with its certificate (which includes its public key). Id., col. 4 ll. 57-60, col. 5 ll. 64-67. This response is received by the second security computer, which passes it to the third party gateway computer, which passes it to the first security computer. Id., col. 4 l. 65-col. 5 l. 2; col. 6 ll. 24-27. (Specifically, the second security computer does this by appending the server certificate attributes to a header in a CONNECT reply message, which it sends to the third party gateway computer, which then sends it to the first security computer. Id., col. 4 l. 60-col. 5 l. 1, col. 6 ll. 12-14.) The first security computer then creates its own "proxy signed certificate" "using the attributes of the server certificate" with its own public key, and then passes it off to the client. Id., col. 5 ll. 3-10, col. 6 ll. 36-40.
The end result is a system that, in operation, works as follows: the client will encrypt information using the first security computer's public key (received from the "proxy signed certificate"). See id. The first security computer will then decrypt that information and re-encrypt it with the server's public key. See id., col. 4 l. 65-col. 5 l. 2; col. 6 ll. 24-27. This encrypted information will then be passed to the third party gateway computer, which passes it to the second security computer, which passes it to the server. See id., col. 4 ll. 57-60, col. 5 ll. 64-67. The server will then decrypt it using its private key. See id. Thus, even though there is an intermediate third party gateway computer, information is only encrypted with a recipient's
A final aspect of this system is that the first security computer maintains a cache of the server certificates it receives, so that the second security computer does not always have to send server certificates to the first security computer. Id., col. 5 ll. 14-16. During the SSL handshake, when the client sends a request to initiate an SSL connection with a specific server and that request is first received by the first security computer, the first security computer will check its certificate cache to see if it already has a certificate for that server. Id., col. 5 ll. 30-33. If it does, it will append a "fingerprint or hash of the certificate server" to the SSL connection request that it sends (directly or indirectly through third party gateway computer(s)) to the second security computer. Id., col. 5 ll. 33-39. The second security computer will then also generate a "fingerprint or hash" of the server it receives from the certificate and check to see if it matches what it received from the first security computer. Id., col. 6 ll. 3-8. If it does, the second security computer will skip the step of appending the server's certificate to its reply message. Id., col. 6 ll. 17-19. If it does not, the second security computer will send the server's certificate to the first security computer, as described above. Id., col. 6 ll. 8-14. The first security computer will then use this information to update its certificate cache, as necessary. Id., col. 6 ll. 28-35.
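The certificate-cache exchange described above can be traced in a short simulation. This is an added illustration, not code from the '580 patent, the record, or either party's products; the header names, the use of SHA-256 as the "fingerprint or hash," the dictionary message format, and the sample certificates are all assumptions, and the whole certificate is relayed in place of its attributes for brevity.

```python
import hashlib
import hmac

# Hypothetical header names; the opinion does not name them.
FP_HEADER = "X-Cached-Cert-Fingerprint"
CERT_HEADER = "X-Server-Cert"
MATCH_HEADER = "X-Cert-Cache"


def fingerprint(cert: bytes) -> str:
    """SHA-256 is an assumption; the text says only 'fingerprint or hash'."""
    return hashlib.sha256(cert).hexdigest()


class OriginServer:
    """Stands in for the real server: answers a hello with its certificate."""

    def __init__(self, cert: bytes):
        self.cert = cert

    def hello(self) -> bytes:
        return self.cert


class SecondSecurityComputer:
    """Sits next to the server; decides whether the certificate must travel."""

    def __init__(self, servers: dict):
        self.servers = servers
        self.certs_sent = 0  # how many replies carried a full certificate

    def connect(self, request: dict) -> dict:
        server_cert = self.servers[request["host"]].hello()
        actual = fingerprint(server_cert)
        claimed = request["headers"].get(FP_HEADER)
        reply = {"status": 200, "headers": {}}
        if claimed is not None and hmac.compare_digest(claimed, actual):
            # Fingerprints agree: skip appending the certificate.
            reply["headers"][MATCH_HEADER] = "match"
        else:
            # No fingerprint, or a stale one: send the certificate back.
            reply["headers"][CERT_HEADER] = server_cert.hex()
            self.certs_sent += 1
        return reply


def third_party_gateway(request: dict, upstream: SecondSecurityComputer) -> dict:
    """The intermediate gateway relays the CONNECT request and reply unchanged."""
    return upstream.connect(request)


class FirstSecurityComputer:
    """Sits next to the client; keeps the certificate cache."""

    def __init__(self, upstream: SecondSecurityComputer):
        self.upstream = upstream
        self.cache = {}  # host -> last certificate seen for that host

    def handshake(self, host: str) -> bytes:
        """Return the server certificate the proxy-signed certificate would copy."""
        request = {"method": "CONNECT", "host": host, "headers": {}}
        cached = self.cache.get(host)
        if cached is not None:
            request["headers"][FP_HEADER] = fingerprint(cached)
        headers = third_party_gateway(request, self.upstream)["headers"]
        if CERT_HEADER in headers:
            cert = bytes.fromhex(headers[CERT_HEADER])
            self.cache[host] = cert  # cold or stale cache: update it
            return cert
        if headers.get(MATCH_HEADER) == "match" and cached is not None:
            return cached  # cache confirmed by the second security computer
        raise RuntimeError("reply carried neither a certificate nor a cache match")


def run_demo() -> dict:
    # Constructed sample certificates (opaque bytes, not real X.509).
    old_cert = b"constructed-cert:CN=shop.example;serial=01"
    new_cert = b"constructed-cert:CN=shop.example;serial=02"
    server = OriginServer(old_cert)
    second = SecondSecurityComputer({"shop.example": server})
    first = FirstSecurityComputer(second)

    results = {}
    first.handshake("shop.example")        # cold cache: certificate travels
    results["sent_after_first"] = second.certs_sent
    first.handshake("shop.example")        # warm cache: fingerprint matches
    results["sent_after_second"] = second.certs_sent
    server.cert = new_cert                 # server rotates its certificate
    got = first.handshake("shop.example")  # stale fingerprint: certificate resent
    results["sent_after_rotation"] = second.certs_sent
    results["cache_fresh"] = got == new_cert and first.cache["shop.example"] == new_cert
    return results


if __name__ == "__main__":
    print(run_demo())
```

The third handshake shows why the comparison is made at the second security computer: a cached certificate is reused only after the fingerprint has been checked against the certificate the server currently presents.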
Finjan accuses Blue Coat's ProxySG, Content Analysis System ("CAS"), Advanced Secure Gateway ("ASG"), Web Security Service ("WSS"), SSL Visibility Appliance ("SSLV"), Malware Analysis Appliance ("MAA"), and WebPulse service of infringing various claims of the asserted patents. ProxySG is a proxy server that provides, among other things, web security through policy control. CAS is a content inspection appliance that ProxySG can use for additional analysis of files. ASG is a single appliance that combines the functionality of ProxySG and CAS. WSS is a product that combines the functionality of ProxySG and CAS as a web-hosted service.
SSLV is a stand-alone appliance that performs SSL inspection, decryption, and management. It can be deployed by itself in a network or in-line with other appliances, such as a ProxySG. Finjan accuses a configuration where SSLV is deployed in-line with ProxySG of infringing the '580 patent.
MAA is an appliance that provides a customizable sandboxing environment. It can integrate with CAS (which, in turn, can integrate with ProxySG) or ASG. Finjan accuses a combination of ProxySG, CAS, and MAA, as well as a combination of ASG and MAA, of infringing the '844, '731, '968, '494, '621, '755, and '786 patents. Blue Coat also offers MAA functionality as a cloud-based service, referred to as MAS, which can be used in conjunction with WSS. Finjan accuses a combination of WSS and MAS of infringing the '844, '731, '968, '086, '494, '621, and '755 patents.
WebPulse is a cloud-based infrastructure that categorizes web pages and runs background processes, some of which look for evidence of malware activity. It is provided as part of Blue Coat's Global Intelligence Network ("GIN"), which is an umbrella name for Blue Coat's suite of intelligence services. WebPulse contains a real-time content analyzer component called the Dynamic Real-Time Rating ("DRTR") service. WebPulse or "WebPulse/GIN," either alone or in combination with WSS, is accused of infringing all of the Asserted Patents except for the '580 patent.
Patent | Asserted Claims | Accused Products
'844 | 1, 7, 15 | WebPulse/GIN; WSS with WebPulse/GIN; WSS with MAS; ASG with MAA; SA with MAA
'731 | 1, 2 | ASG with MAA; WSS with WebPulse/GIN; WSS with MAS
'968 | 1 | ASG with MAA; WSS with WebPulse/GIN; WSS with MAS
'086 | 24 | WebPulse/GIN; WSS with WebPulse/GIN; WSS with MAS; SA with MAA
'494 | 10, 14, 16 | WebPulse/GIN; WSS with WebPulse/GIN; WSS with MAS; ASG with MAA; ProxySG and CAS with MAA; SA with MAA
'621 | 1, 10 | WebPulse/GIN; WSS with MAS; ProxySG and CAS with MAA; ASG with MAA
'755 | 3 | ProxySG and CAS with MAA; ASG with MAA
'786 | 1 | WebPulse/GIN; WSS with MAS; ProxySG and CAS with MAA; ASG with MAA
'580 | 1 | SSLVA with ProxySG
'408 | 22 | WebPulse; WSS with WebPulse
The parties in this dispute are neither unfamiliar with each other nor this Court. On August 28, 2013, Finjan initiated a first patent infringement action, Case No. 5:13-CV-03999-BLF ("Blue Coat I"), against Blue Coat, alleging that Blue Coat infringed the '844, '968, and '731 patents, as well as U.S. Patent Nos. 6,804,780 ("the '780 patent"), 7,058,822 ("the '822 patent"), and 7,647,633 ("the '633 patent"). The parties tried all six patents before a jury who, on August 4, 2015, found that Blue Coat infringed the '844, '968, '731, '633, and '780 patents and awarded Finjan a total of $39,528,487 in lump-sum damages. Blue Coat I, ECF 438 at 2-3, 6-7. The Court entered final judgment on July 18, 2016. Blue Coat I, ECF 556.
On July 7, 2015, five days before the beginning of trial in Blue Coat I, Finjan initiated the instant suit. ECF 1. The parties have amended their pleadings several times. ECF 39, 46, 47, 62, 63, 65, 155, 161, 171.
On July 28, 2016, ten days after the Court entered final judgment in Blue Coat I, Finjan moved for a preliminary injunction, seeking to enjoin Blue Coat's alleged infringement of the '494 patent through the DRTR component. ECF 71. The Court denied Finjan's motion. ECF 149. On September 16, 2016, Blue Coat moved for judgment on the pleadings that the '494 patent was invalid for failure to claim patent-eligible subject matter under 35 U.S.C. § 101. ECF 104. The Court also denied that motion. ECF 156.
On January 31, 2017, the parties filed a joint stipulation notifying the Court that they had resolved all pending claim construction disputes and stipulating to certain agreed-upon constructions for six terms. ECF 175. The Court granted the parties' stipulation. ECF 178. The parties have since filed a further stipulation stating that they agree that certain additional terms should be given their plain and ordinary meaning. ECF 270.
The parties filed the instant motions for summary judgment on May 17, 2017. ECF 224, 228. The Court heard argument on June 22, 2017. ECF 273.
Federal Rule of Civil Procedure 56 governs motions for summary judgment. Summary judgment is appropriate if the evidence and all reasonable inferences in the light most favorable to the nonmoving party "show that there is no genuine issue as to any material fact and that the moving party is entitled to a judgment as a matter of law." Celotex Corp. v. Catrett, 477 U.S. 317, 322, 106 S.Ct. 2548, 91 L.Ed.2d 265 (1986). The current version of Rule 56 authorizes a court to grant "partial summary judgment" to dispose of less than the entire case and even just portions of a claim or defense. See Fed. R. Civ. P. advisory committee's note, 2010 amendments; Ochoa v. McDonald's Corp., 133 F.Supp.3d 1228, 1232 (N.D. Cal. 2015). As such, a court can, "when warranted, selectively fillet a claim or defense without dismissing it entirely." Id.
The moving party "bears the burden of showing there is no material factual dispute," Hill v. R + L Carriers, Inc., 690 F.Supp.2d 1001, 1004 (N.D. Cal. 2010), by "identifying for the court the portions of the materials on file that it believes demonstrate the absence of any genuine issue of material fact." T.W. Elec. Serv. Inc. v. Pac. Elec. Contractors Ass'n, 809 F.2d 626, 630 (9th Cir. 1987). In judging evidence at the summary judgment stage, the Court "does not assess credibility or weigh the evidence, but simply determines whether there is a genuine factual issue for trial." House v. Bell, 547 U.S. 518, 559-60, 126 S.Ct. 2064, 165 L.Ed.2d 1 (2006). A fact is "material" if it "might affect the outcome of the suit under the governing law," and a dispute as to a material fact is "genuine" if there is sufficient evidence for a reasonable trier of fact to decide in favor of the nonmoving party. Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 248, 106 S.Ct. 2505, 91 L.Ed.2d 202 (1986).
Where the moving party will have the burden of proof on an issue at trial, it must affirmatively demonstrate that no reasonable trier of fact could find other than for the moving party. Celotex, 477 U.S. at 325, 106 S.Ct. 2548; Soremekun v. Thrifty Payless, Inc., 509 F.3d 978, 984 (9th Cir. 2007). Once the moving party meets its initial burden, the nonmoving party must set forth, by affidavit or as otherwise provided in Rule 56, "specific facts showing that there is a genuine issue for trial." Liberty Lobby, 477 U.S. at 250, 106 S.Ct. 2505 (internal quotation marks omitted). If the nonmoving party's "evidence is merely colorable, or is not significantly probative, summary judgment may be granted." Id. at 249-50, 106 S.Ct. 2505 (internal citations omitted). Mere conclusory, speculative testimony in affidavits and moving papers is also insufficient to raise genuine issues of fact and defeat summary judgment. See Thornhill Publ'g Co. v. GTE Corp., 594 F.2d 730, 738 (9th Cir. 1979). For a court to find that a genuine dispute of material fact exists, "there must be enough doubt for a reasonable trier of fact to find for the [non-moving party]." Corales v. Bennett, 567 F.3d 554, 562 (9th Cir. 2009).
Finjan seeks summary judgment that WebPulse/GIN and certain combinations of gateway products — (1) ProxySG and CAS with MAA and (2) ASG with MAA — infringe claim 10 of the '494 patent. Finjan also seeks summary judgment that its patents are not invalid
Finjan accuses WebPulse/GIN, ProxySG and CAS with MAA, and ASG with MAA of infringing claim 10 of the '494 patent. Claim 10 recites:
'494 patent, col. 22 ll. 7-17. A "Downloadable" is "an executable application program, which is downloaded from a source computer and run on the destination computer." ECF 180 at 1. A "database" is "a collection of interrelated data organized according to a database schema to serve one or more applications." Id.
Finjan seeks summary judgment that "WebPulse/GIN"
Blue Coat, on the other hand, disagrees that some of the alleged "security profile data," [Redacted] "includ[es] a list of suspicious computer operations." Blue Coat Opp. 3-5. Blue Coat also argues there are at least disputed issues of fact as to whether the alleged [Redacted] are "databases." Id. at 5-7. With respect to the [Redacted] Blue Coat argues that it does not store a "list of suspicious operations" [Redacted] Id. at 5-7. [Redacted] Blue Coat argues that it does not store a "list of suspicious computer operations" [Redacted] does not "includ[e] a list of suspicious computer operations." Id. at 7. As support for these arguments, Blue Coat cites almost exclusively to the report and testimony of its expert, Dr. Nielson. Id. at 3-7.
The Court agrees that summary judgment is inappropriate, at least for the reason that disputed questions of fact remain as to whether the "database manager..." limitation is satisfied by either [Redacted] the Court notes, as an initial matter, that the parties appear to disagree as to the scope of "database:" Finjan argues that "database" encompasses key-value pairings [Redacted] whereas Blue Coat argues it does not. Compare Finjan Mot. 8-9, Finjan Reply 4-5, with Blue Coat Opp. 6-7. On this point, the Court agrees with Finjan that key-value pairing can be a "database" within the context of the '494 patent. The parties stipulated that "database" should be construed as "a collection of interrelated data organized according to a database schema." ECF 180 at 1. Key-value pairings are a way of organizing interrelated data — keys to their related values. To the extent that "schema" implies a greater level of organization and/or relation between data than this, the Court finds it inappropriate to restrict the scope of "database" in this way. The plain language of claim 10 simply recites "database," and nothing in the specification suggests that "database" should be restricted to any certain degree of data organization. See Phillips v. AWH Corp., 415 F.3d 1303, 1312 (Fed. Cir. 2005) ("[T]he words of a claim are generally given their ordinary and customary meaning.") (internal citation and quotation marks omitted). Indeed, the specification contrasts "database" with single-dimensional data structures (i.e., that have no interrelation) such as "list" or "array," but it provides no further clarification. '494 patent, col. 10 l. 11 ("list, array, database, etc."); id., col. 17 l. 11 ("list, database or other storage structure(s) or storage structure configuration(s)"). Blue Coat cannot artificially restrict "database" through a one-sided interpretation of the parties' stipulation.
Nevertheless, [Redacted] disputed questions of fact remain as to whether it satisfies the remainder of the limitation. Claim 10 requires that the "database" store "security profile data," which must include a "list of suspicious computer operations." The parties disagree as to whether [Redacted] See Ex. 30 to Finjan Mot. at BC2-1884319, ECF 227-14. On one hand, Blue Coat's engineer testified that [Redacted]
[Redacted]
Ex. 3 to Finjan Reply at 66:8-22, ECF 249-10. However, construing this evidence in the light most favorable to Blue Coat, this excerpt only suggests that [Redacted] Further, the parties' experts appear to disagree as to whether the source code confirms that [Redacted] Compare Ex. 26 to Finjan Mot. (Cole Rpt.) ¶¶ 1276, 1465-66, ECF 227-6 [Redacted] with Ex. 27 to Finjan Mot. (Nielson Rpt.) ¶ 318, ECF 227-8 [Redacted] Thus, based on the evidence before it, the Court cannot rule out that there are no material factual disputes as to whether [Redacted] is an infringing "database." As such, summary judgment of infringement is inappropriate.
In sum, material questions of fact remain at least as to whether the WebPulse/GIN infringes the "database manager..." limitation of claim 10. Finjan's motion for summary judgment is DENIED.
Finjan also seeks summary judgment that the accused combinations of gateway products — (1) ProxySG and CAS with MAA and (2) ASG with MAA — infringe claim 10. The parties only substantially dispute whether the accused combinations satisfy the final limitation of claim 10.
Blue Coat responds that there is at least a material factual dispute as to whether any of these components are infringing "databases." Specifically, [Redacted] Blue Coat argues that it does not "stor[e] ... security profile data" which "includ[es] a list of suspicious operations" [Redacted] Blue Coat Opp. 8-10. With respect to the [Redacted] Blue Coat argues that it also does not "stor[e] ... security profile data" [Redacted] Id. at 10-11. With respect to [Redacted] Blue Coat argues that this cannot be a "database" that is part of a "system for managing Downloadables" because it is instead only used [Redacted] Id. at 11-13. Blue Coat points out that this is underscored by the fact that [Redacted] which is an unacceptable substitute for the required "security profile data." Id. at 12.
The Court addresses each of Blue Coat's challenges in turn. Turning to [Redacted] the Court agrees with Blue Coat that there are at least disputed questions of material fact as to whether this comprises
Turning to [Redacted] the Court also finds that there are material questions of fact as to whether this is a "database" which "stor[es] ... security profile data" within the meaning of claim 10. For example, [Redacted] Ex. 45 to Finjan Mot. at BC2-1895322, ECF 227-34. However, pattern data used for matching is not the same as matches of suspicious operations that have been located for a particular file. Further, [Redacted] See, e.g., Ex. 8 to Blue Coat Opp. at 210:16-22, ECF 238-11 [Redacted] Ex. 9 to Blue Coat Opp. at 29:3-11, ECF 238-12 [Redacted] Thus, there are at least disputed questions of fact as to whether [Redacted] "stor[es] ... security profile data" which includes a "list of suspicious operations," not all operations. Accordingly, the Court cannot grant summary judgment on the basis that [Redacted] is the infringing "database."
Turning to the [Redacted] the Court also finds that there are material questions of fact as to whether this comprises a "database" that "stor[es] ... security profile data." For example, [Redacted] Ex. 48 to Finjan Mot. at 90:8-18, ECF 227-36; see also Ex. 6 to Finjan Reply at 253:15-17. However, there is conflicting evidence as to whether these patterns amount to a "list of suspicious operations." See, e.g., Ex. 5 to Finjan Reply at 48:20-25, ECF 249-16 [Redacted] Accordingly, this is a factual dispute that must be left for the jury. The Court cannot grant summary judgment on the basis that [Redacted] is the infringing "database."
In sum, material questions of fact remain at least as to whether the accused combinations of gateway products infringe the "database manager ..." limitation of claim 10. Finjan's motion for summary judgment is DENIED.
Finjan moves for summary judgment that the '731 and '580 patents are not invalid because Blue Coat has not disclosed any expert opinion on their validity. Finjan Mot. 16-17. Blue Coat responds that a finding of invalidity need not be supported by expert testimony, and points out that it has at least provided invalidity contentions and prior art reference elections
Blue Coat's arguments are unconvincing. This is not a case where the "references and [Blue Coat's] invention[s] are easily understandable without the need for expert explanatory testimony." Union Carbide Corp. v. Am. Can Co., 724 F.2d 1567, 1573 (Fed. Cir. 1984). Accordingly, in order to bear its burden of proving invalidity by clear and convincing evidence at trial, Blue Coat will need to present "testimony from one skilled in the art [which] identif[ies] each claim element, state[s] the witnesses' interpretation of the claim element, and explain[s] in detail how each claim element is disclosed in the prior art reference." Schumer v. Lab. Computer Sys., Inc., 308 F.3d 1304, 1315 (Fed. Cir. 2002). Because it disclosed no expert opinion on the '731 and '580 patents, Blue Coat will be unable to do this. Accordingly, Finjan's motion for summary judgment that the '731 and '580 patents are not invalid is GRANTED.
Finjan seeks summary judgment that the '494 and '408 patents are not invalid on the basis that Blue Coat is estopped from asserting invalidity under 35 U.S.C. § 315(e)(2). The parties do not dispute the underlying facts: In 2016, Blue Coat joined several third-party IPRs which were filed against the '494 and '408 patents. Exs. 56-59 to Mot., ECF 230-20 through 230-23. For each, the PTAB has issued final written decisions. Exs. 11, 15, 19 to Mot., ECF 229-11, 229-15, 229-18. The chart below summarizes the grounds raised and outcomes of each:
Patent (IPR) | Grounds in Petition | Instituted Grounds | Final Written Decision
'494 patent (IPR2015-1892) | Swimmer (§§ 102, § 103); Cline in view of Ji '600 (§ 103); Forrest in view of Ji '600 (§ 103) | Swimmer (§ 103) | Swimmer (§ 103): some claims unpatentable, other claims not unpatentable
'494 patent (IPR2016-00159) | Touboul (§§ 102, § 103); Touboul in view of Swimmer (§ 103); Touboul in view of Ji '600 (§ 103); Swimmer (§ 103); Swimmer in view of Martin (§ 103) | Swimmer (§ 103); Swimmer and Martin (§ 103) | Swimmer (§ 103): some claims unpatentable; other claims not unpatentable. Swimmer and Martin (§ 103): no claims unpatentable
'408 patent (IPR2015-2001) (IPR2016-00157) | Chandnani and Kolawa (§ 103); Chandnani, Kolawa, and Walls (§ 103); Chandnani, Kolawa, and Huang (§ 103); Chandnani, Kolawa, Walls, and Huang (§ 103) | All grounds | All grounds: no claims unpatentable
Here, Blue Coat challenges claims 10, 14, and 16 of the '494 patent as obvious over Griffin, Ji '348, and Nachenberg. Ex. 12 to Blue Coat Opp. at 126, ECF 237-12. Blue Coat challenges claim 22 of the '408 patent as obvious over (1) Kolawa and Necula '774 and (2) Kolawa, Li, and Chandnani. Id.
Finjan argues that, because Blue Coat was a party (through joinder) to the above-listed IPRs, § 315(e)(2) precludes it from asserting prior art that it raised or reasonably could have raised during these proceedings. Finjan argues that all of the references currently asserted by Blue Coat fall within this because they are "patents
Blue Coat does not dispute that it was a party to the above-listed IPRs, but nevertheless argues that it is not bound by § 315(e)(2) estoppel because, under the Federal Circuit's decision in Shaw Indus. Grp., Inc. v. Automated Creel Sys., Inc., 817 F.3d 1293, 1300 (Fed. Cir. 2016), cert. denied, ___ U.S. ___, 137 S.Ct. 374, 196 L.Ed.2d 292 (2016), estoppel only applies to arguments that reasonably could have been raised after institution, not grounds that were not instituted or never raised in the petition. Blue Coat Opp. 14-16. Because none of the IPRs instituted on the prior art combinations that Blue Coat asserts in this case, Blue Coat argues, § 315(e)(2) estoppel does not apply. Id. In reply, Finjan argues that Shaw is inapposite, because it applies only to estoppel when invalidity grounds were raised in the petition but denied institution. Finjan Reply 10-11.
Under § 315(e)(2), "[t]he petitioner in an [IPR] ... that results in a final written decision ... or the real party in interest or privy of the petitioner, may not assert ... in a civil action ... that [a] claim is invalid on any ground that the petitioner raised or reasonably could have raised during" IPR. 35 U.S.C. § 315(e)(2). In Shaw Indus. Grp., 817 F.3d at 1300, the Federal Circuit addressed the application of this language in a case where the PTAB had instituted IPR on some grounds but not others, and found that § 315(e)(2) did not create estoppel for the non-instituted grounds. The court reasoned this was the case because "[b]oth parts of § 315(e) create estoppel for arguments `on any ground that the petitioner raised or reasonably could have raised during that inter partes review'" and "IPR does not begin until it is instituted." Id. (emphasis in original). Thus, the court reasoned, it was impossible for the petitioner to have "raised or reasonably could have raised" the non-instituted grounds during IPR. Id.
Since Shaw, a number of district courts — including at least one in this District — have interpreted § 315(e)(2) estoppel as applying only to grounds that were both raised in the IPR petition and instituted in the IPR proceeding. See, e.g., Verinata Health, Inc. v. Ariosa Diagnostics, Inc., No. 12-CV-05501-SI, 2017 WL 235048, at *3 (N.D. Cal. Jan. 19, 2017). However, other district courts have disagreed that Shaw applies so broadly, finding that, in the case of grounds that were never raised in the IPR petition, Shaw is mere dicta and § 315(e)(2) estoppel can still apply. See, e.g., Cobalt Boats, LLC, v. Sea Ray Boats, Inc., No. 2:15-CV-00021-HCM-LRL, Dkt. No. 285, slip op. at 5-6, 2017 WL 2605977 (E.D. Va. June 5, 2017).
The Court adopts the approach of its sister court in this District and follows the broader interpretation of Shaw: § 315(e)(2) estoppel applies only to grounds that were both raised in the IPR petition and instituted in the IPR proceeding. Applied to the facts here, Blue Coat is not estopped under § 315(e)(2) from pursuing any of the invalidity combinations that it currently asserts against the '494 and '408 patents. None of the IPRs were
Finjan argues that collateral estoppel bars Blue Coat from challenging the validity of the '844, '968, and '731 patents because it challenged the validity of these patents in Blue Coat I and lost. Finjan Mot. 21-22. Finjan argues that all of the elements of collateral estoppel are met here: the issue — validity — is identical, Blue Coat I ended in a final judgment on the merits, and Blue Coat was a party in the first proceeding. Id.
Blue Coat responds that, under the Federal Circuit's decision in Nasalok Coating Corp. v. Nylok Corp., 522 F.3d 1320, 1326 (Fed. Cir. 2008), whether Blue Coat is precluded from arguing invalidity with respect to the patents asserted in Blue Coat I should be governed by questions of res judicata, not collateral estoppel. Blue Coat Opp. 19-20. Blue Coat then argues that res judicata does not apply here because the accused products for the '844, '968, and '731 patents are different from Blue Coat I. Id.
Blue Coat's rebuttal is unconvincing. Collateral estoppel and res judicata are separate concepts. See Roche Palo Alto LLC v. Apotex, Inc., 531 F.3d 1372, 1381 n.2 (Fed. Cir. 2008). Finjan moves only on the basis of collateral estoppel, so the Court will only conduct a collateral estoppel analysis. Nasalok does not compel a contrary approach, as it was only a res judicata case. See Nasalok Coating Corp., 522 F.3d at 1326 ("[o]nly the doctrine of claim preclusion is relevant in this case"). Blue Coat's position is also belied by recent district court cases which have decided the question of whether collateral estoppel bars invalidity claims in later suits. See, e.g., Rudolph Technologies, Inc. v. Camtek Ltd., 2016 WL 8668504, *4-*6 (D. Minn. Aug. 8, 2016); Fairchild Semiconductor Corporation v. Power Integrations, Inc., 2015 WL 1905871, *2 (D. Del. Apr. 23, 2015).
Collateral estoppel bars re-litigation of issues adjudicated in an earlier proceeding if: (1) the issue necessarily decided at the previous proceeding is identical to the one which is sought to be relitigated; (2) the first proceeding ended with a final judgment on the merits; and (3) the party against whom collateral estoppel is asserted was a party or in privity with a party at the first proceeding. See Reyn's Pasta Bella, LLC v. Visa USA, Inc., 442 F.3d 741, 746 (9th Cir. 2006). There is no dispute that Blue Coat I ended in a final judgment on the merits and that the parties are the same. Thus, the only question is whether the issues are "identical." On that point, the ultimate question of patent validity is the same, but the grounds of challenge are different: In Blue Coat I, Blue Coat challenged the '844 patent as anticipated by U.S. Patent No. 6,253,370 ("Abadi"), the '968 patent as anticipated by U.S. Patent No. 6,772,214 ("McClain"), and the '731 patent as anticipated by a publication entitled "IBM Websphere Edge Server: New Features and Functions in Version 2" dated April 2002 ("Braswell"). Blue Coat I, ECF 543 at 18. Here, Blue Coat challenges the '844 patent as obvious over Ji '348, Necula, and Abadi and the '968 patent as obvious over Graham, O'Toole, and Coss. Ex. 12 to Blue Coat Opp. ¶ 274, ECF 237-12.
In the context of patent validity, the Federal Circuit has not definitively addressed what constitutes an "issue" for the purposes of collateral estoppel. Rudolph Techs., Inc., No. 15-CV-1246, 2016 WL 8668504, at *3 ("the Court is unaware of[] any precedent in ... the Federal Circuit directly addressing [this issue]"). Some district courts and commentators have
The Court is persuaded by the reasoning of the latter cases and adopts this majority view. Accordingly, because the ultimate issue of the validity of the '844, '968, and '731 patents was litigated in Blue Coat I, Blue Coat is estopped from re-litigating it here. Finjan's motion for summary judgment that the '844, '968, and '731 patents are not invalid is GRANTED.
Finjan argues that Blue Coat should be estopped from challenging the validity of the '844, '968, '731, and '086 patents because it filed IPR petitions for these patents and the PTAB denied institution under a lower evidentiary standard. Finjan Mot. 22. Blue Coat responds that Finjan is wrong as a matter of law, and that none of the institution decisions even have persuasive effect because the prior art combinations asserted here are different. Blue Coat Opp. 17-18.
The Court agrees with Blue Coat. Finjan cites no authority for the proposition that denying institution creates estoppel, and the Court is aware of none. Further, because the asserted combinations differ, the PTAB's decisions have little relevance to the validity issues before the Court. Accordingly, Finjan's motion is DENIED.
Finjan seeks summary judgment that the '494 patent is not invalid over any theory relying on the Nachenberg reference because Blue Coat cannot prove that it is a printed publication that was publicly available before the priority date of the '494 patent. Finjan Mot. 21-22. Blue Coat does not substantively rebut Finjan's arguments, but instead offers to drop the Nachenberg reference from the combination of Griffin, Ji '348, and Nachenberg that it has asserted against the '494 patent. Blue Coat Opp. 20-21. In reply, Finjan objects that Blue Coat's proposal is in direct contravention of the Court's scheduling order, which states that "references for a single obviousness theory shall not be changed or revised for subsequent election of asserted prior art" and that "obviousness combination A, B, C, and D" "may not be changed or revised to the combination A, B, and C." ECF 41 n.3.
The Court agrees with Finjan that, pursuant to its scheduling order, Blue Coat cannot now revise its invalidity theory of obviousness over Griffin, Ji '348, and Nachenberg to obviousness over Griffin and Ji '348. Further, because Blue Coat provides no rebuttal for Finjan's arguments
Finjan argues that summary judgment that the '086 is not invalid should be granted for any theory relying on Ji '348 because Ji '348 is not prior art to the '086 patent. Finjan Mot. 24-25. On November 28, 2016, the PTO issued a reexamination certificate for the '086 patent, which newly reflected that the '086 patent could claim the benefit of a priority date to U.S. Provisional Application No. 60/030,639 ("the '639 provisional application"), filed on November 8, 1996. Finjan argues that, in light of the reexamination certificate, Ji '348 is not prior art to the '086 patent, as Ji '348 claims a priority date of September 10, 1997. Finjan also points out that the PTAB found the reexamination certificate persuasive in IPR2016-01444, as it determined that, in light of this reexamination certificate, Blue Coat had not shown a reasonable likelihood of prevailing in establishing that the priority date of the '086 patent was no earlier than November 6, 1997. Id.; Ex. 25 to Finjan Mot. at 3, 6-9, ECF 229-25.
Blue Coat responds that summary judgment is inappropriate, as there are disputed questions of fact as to whether the '639 provisional application discloses claim 24's "transmitter" element. Blue Coat Opp. 18. In reply, Finjan argues that this is unpersuasive, as the PTAB found that there was support for the elements of claim 24 in its decision. Finjan Reply 14.
Both parties' arguments on this issue are unconvincing: Finjan effectively argues that the Court should award an earlier priority date to the '086 patent because the PTAB did so, while Blue Coat baldly asserts lack of written description support without offering any supporting argument or evidence. However, because Finjan, as the moving party, bears the initial burden, its shortcomings govern. Finjan has not met its burden of showing that it is entitled to summary judgment that the '086 is not invalid under invalidity theories relying on Ji '348. Accordingly, Finjan's motion is DENIED.
In summary, for one or several reasons discussed above, Finjan's motion for summary judgment of no invalidity is GRANTED with respect to the '731, '580, '844, '968, and '494 (for theories relying on Nachenberg) patents. Finjan's motion for summary judgment of no invalidity is DENIED with respect to the '408, '086, and '494 (for all other theories) patents.
Blue Coat seeks summary judgment that: (1) SSLV with ProxySG does not infringe claim 1 of the '580 patent; (2) WebPulse, alone or in combination with WSS, does not infringe claim 22 of the '408 patent; (3) WebPulse/GIN, WSS with MAS, ProxySG and CAS with MAA, and ASG with MAA do not infringe claim 1 of the '786 patent; and (4) "WebPulse/GIN sandboxing" does not infringe any of the Asserted Patents. Finjan opposes summary judgment on all of these grounds. The Court addresses each issue in turn.
Finjan accuses SSLV, in conjunction with ProxySG, of infringing claim 1 of the '580 patent. Claim 1 recites:
'580 patent, col. 7 l. 46-col. 8 l. 20 (emphasis added). According to Finjan, SSLV is the "first security computer" and ProxySG is the "second security computer." Finjan Opp. 6.
Blue Coat argues that the combination of SSLV and ProxySG does not infringe claim 1 for several reasons: (1) SSLV and ProxySG do not "communicate" to each other; (2) SSLV and ProxySG do not communicate a "reply message" or a "connection request message including cached attributes of the signed server certificate" to each other and do not have a "certificate comparator;" (3) SSLV and ProxySG do not share a "non-SSL connection;" and (4) SSLV does not perform an "SSL handshake with the client computer." Blue Coat Mot. at 5-14. The Court finds that summary judgment is appropriate for at least two of these reasons, which it discusses in detail below.
One critical aspect of the system recited in claim 1 is that the "first security computer" and "second security computer" share a "non-SSL connection." This distinguishes the invention of claim 1 from prior art systems, which required an SSL connection throughout. See '580 patent at col. 1 ll. 35-37, 49-53.
Blue Coat argues that the accused combination of SSLV and ProxySG does not meet this limitation because, instead, SSLV and ProxySG — the accused "first security computer" and "second security computer," respectively — communicate using
Finjan responds that SSLV and ProxySG do share a non-SSL connection because, in its view, "the SSLV sends intercepted plaintext (i.e., unencrypted) to the ProxySG, resulting in a non-SSL connection." Finjan Opp. 11. As support, Finjan cites to its expert Dr. Cole's report and deposition testimony, where he opines that a non-SSL connection exists between SSLV and ProxySG because SSLV sends an unencrypted connection request message to the ProxySG. Ex. 3 to Finjan Opp. (Cole Rpt.) ¶ 1796, ECF 240-6 ("the SSLV create a non-SSL connection between them to transfer information including a connection request message using the ProxySG as the second security computer"); Ex. 10 to Finjan Opp. at 240:12-241:7, ECF 240-16. Finjan also cites to several excerpts from Blue Coat's documentation which describe how, after SSLV has decrypted intercepted traffic, it can pass that decrypted intercepted traffic to other attached security appliances. Ex. 15 to Finjan Opp. at BC-0024354, ECF 241-16 ("sending non-SSL flows to the attached security appliances"); Ex. 9 to Finjan Opp. at BC2-0025898, ECF 241-10 ("Intercepted plaintext is delivered to attached devices as a valid regenerated TCP stream via the SSL Visibility's network ports.").
There is no genuine dispute that SSLV and ProxySG do not share a "non-SSL connection." Instead, all of the evidence cited by the parties agrees that, when SSLV and ProxySG are deployed in combination, they share an SSL connection. The "Blue Coat Systems V2800 and SV3800 Administration and Deployment Guide" relied on by Finjan explains how, when SSLV is deployed in a cooperative configuration with a "proxy device" (such as a ProxySG) to inspect outgoing traffic, each uses certificate re-sign to gain access to the encrypted traffic. Ex. 9 to Finjan Opp. at BC2-0025920, ECF 241-10 ("The existing proxy re-signs the original server certificate and then the SSL Visibility resigns the modified server certificate it receives."); see also Ex. 1 to Finjan Opp. at BC2-0024727, ECF 241-2 ("The existing proxy re-signs the original server certificate and then the SSL Visibility re-signs the modified server certificate it receives."). This means that SSLV and the proxy device perform an SSL handshake: as part of the certificate re-signing technique, the proxy, after it receives a certificate from the server, will re-sign the server's certificate and replace the server's public key with its own public key and send that to the SSLV. See id. at BC2-0025918-19. This makes it such that, when SSLV transmits outgoing traffic to the proxy, it will encrypt the traffic with the proxy's public key. See id. This is an SSL connection. In addition, Blue Coat's "Use the SSL Visibility Appliance with a ProxySG" document explains how, when SSLV is deployed in combination with a ProxySG to inspect incoming traffic, it is given the ProxySG's private key so that it can decrypt incoming traffic. Ex. 7 to Blue Coat Mot. at BC2-0024427, ECF 225-7. SSLV receives this traffic from the ProxySG (which received it from the internet), which decrypts it, inspects it, and re-encrypts it with its public key before passing it off to SSLV. Id. This too is an SSL
None of the evidence cited by Finjan contradicts this. First, the only evidence of a "non-SSL connection" that Dr. Cole cites is the "connection request message" that SSLV sends to ProxySG. Ex. 3 to Finjan Opp. at ¶ 1796, ECF 240-6; Ex. 10 to Finjan Opp. at 240:12-241:7, ECF 240-16. However, as Dr. Cole admitted, this is simply an initial message that is sent "before the session between the client and the server." Ex. 21 to Blue Coat Mot. at 75:3-9, ECF 226-24. All SSL connections begin with an unencrypted initial message (e.g., the "client hello" in the SSL handshake, see Ex. 21 to Blue Coat Mot. at 16:11-19:15, ECF 226-24), so this initial "connection request message" gives no indication that SSLV and ProxySG do not share an SSL connection. Second, the excerpts that Finjan cites from Blue Coat's documentation (Ex. 15 to Finjan Opp. at BC-0024354, ECF 241-16 and Ex. 9 to Finjan Opp. at BC2-0025898, ECF 241-10) refer to the unencrypted traffic that SSLV can pass to attached security devices, which are separate from the ProxySG in the SSLV/ProxySG combination that Finjan accuses. Thus, these excerpts are irrelevant. Accordingly, Finjan has failed to raise a genuine dispute that SSLV and ProxySG share a "non-SSL connection." Summary judgment of noninfringement is appropriate for at least this reason.
Another critical aspect of the system recited in claim 1 is that the "first security computer" maintains a cache of server certificates, which improves overall performance by saving the second security computer from always having to send the full server certificate to the first security computer. '580 patent, col. 5 ll. 14-16. To enable this, claim 1 requires that when a client sends a request to initiate an SSL connection with a server, the first security computer sends a "connection request message including cached attributes of the signed server certificate." Id., col. 8 ll. 1-2. This allows the second security computer to make sure that the cached certificate for that server is up-to-date. See id., col. 5 ll. 17-21, col. 5 ll. 30-35.
Blue Coat argues that the accused combination of SSLV and ProxySG does not meet the "connection request message including cached attributes of the signed server certificate" limitation because SSLV, as a transparent proxy, does not itself send a connection request. Blue Coat Mot. 10. Instead, according to Blue Coat, the client sends a connection request message and it invisibly passes through SSLV. Id. In support, Blue Coat points to its SSLV documentation, Ex. 23 to Blue Coat Mot. at BC2-1607593, ECF 225-23, and testimony from David Wells, Ex. 24 to Blue Coat Mot. at 35:18-36:1, ECF 226-26. Blue Coat also argues that it does not infringe this limitation because SSLV does not send any "cached attributes of the signed certificate" and Finjan's expert provided no opinion or evidence on this element in his report. Blue Coat Mot. 10.
Finjan responds that SSLV does indeed send a "connection request message" to ProxySG because "otherwise the products could not operate together" and "the connection request would never be forwarded to the web server." Finjan Opp. 9-10. It does not, however, cite any supporting evidence for these arguments. Finjan also argues that the "connection request message"
Ex. 10 to Finjan Opp. at 240:2-241:14, ECF 240-16. Finjan further cites
As an initial matter, the Court finds that a genuine dispute exists as to whether SSLV communicates a "connection request message" to ProxySG. Several pieces of evidence describe how SSLV forwards a request sent from the client to initiate an SSL session (i.e., the "client hello" in the SSL handshake). See, e.g., Ex. 12 to Finjan Opp. at 86:2-22, ECF 240-20 (testimony from David Wells agreeing that "the handshake request will go through the SSL Visibility Appliance to the SSL server"); Ex. 24 to Blue Coat Mot. at 35:18-36:1, ECF 226-26 (testimony from David Wells discussing how the client hello message passes through the SSLV to the server). Blue Coat also does not appear to dispute that SSLV forwards this request. See Blue Coat Mot. 10. This at least raises a material question of fact as to whether SSLV communicates a "connection request message" to the ProxySG.
However, there is no genuine dispute that, even if SSLV communicates a "connection request message," it does not "includ[e] cached attributes of the signed server certificate." Even construing all of the evidence in favor of Finjan, there is
Ex. 24 to Blue Coat Mot. at 35:18-36:1, ECF 226-26 (emphasis added). Other evidence submitted by the parties also confirms that, when SSLV forwards a request from the client to initiate an SSL session to the ProxySG (i.e., a "client hello"), it does not "includ[e] cached attributes of the signed server certificate" in this request. See, e.g., Ex. 9 to Finjan Opp. at BC2-0025916-21, ECF 241-10; Ex. 15 to Finjan Opp., ECF 241-16; Ex. 16 to Finjan Opp., ECF 241-17.
None of the evidence cited by Finjan raises a genuine material dispute on this point. Neither of the excerpts from Dr. Cole's report or deposition testimony which address the "connection request..." element (Ex. 3 to Finjan Opp. (Cole Rpt.) ¶ 1796, ECF 240-6 and Ex. 10 to Finjan Opp. at 240:2-241:14, ECF 240-16) points to any evidence of a "connection request message" (let alone one that "includ[es] cached attributes of the signed server certificate"). Instead, Dr. Cole just makes the bare assertion that this element exists. Ex. 3 to Finjan Opp. (Cole Rpt.) ¶ 1796, ECF 240-6; Ex. 10 to Finjan Opp. at 240:2-241:14, ECF 240-16. This is insufficient as a matter of law. Expert opinions are not evidence; thus, an expert's unsupported assertion that an accused product contains a claim element is not sufficient to raise a material dispute. See Rohm and Haas Co. v. Brotech Corp., 127 F.3d 1089, 1092 (Fed. Cir. 1997) (affirming district court's determination that patentee failed to prove infringement where the patentee "offered nothing more than its expert's general opinion that the accused product or process infringed the patents").
The remaining excerpts cited by Finjan also do not raise any material question of fact that SSLV sends "cached attributes of the signed server certificate." Dr. Cole's report at ¶¶ 1843-45 relates to caching and comparing certificate attributes at the ProxySG (the alleged "second security computer") and does not address the contents of any "connection request message" that is sent from SSLV to ProxySG. The excerpt at Ex. 2 to Finjan Opp. at BC2-0024427, ECF 241-3 and Dr. Cole's report at Ex. 3 to Finjan Opp. (Cole Rpt.) ¶¶ 1725-1726, ECF 240-6 discuss SSLV's ability to import certificates, which is an initial configuration setting which allows SSLV to decrypt traffic coming from the ProxySG and does not relate to any "connection request message" that is sent from SSLV to ProxySG. The testimony at Ex. 14 to Finjan Opp. at 112:1-14, ECF 240-24 discusses how SSLV sends decrypted information to attached security devices. This is unrelated to communications between SSLV and ProxySG. Finally, the testimony from David Wells at Ex. 12 to Finjan Opp. at 86:2-22, ECF 240-20 actually agrees that "the handshake request [from the client] will just go directly through the SSL Visibility Appliance to the SSL server," which, if anything, supports an inference that, when SSLV forwards a request sent from the client to initiate an SSL session, the request is unmodified and does not include "cached attributes of the signed server certificate." Thus, none of the evidence cited by Finjan raises a material dispute that the SSLV does not communicate a "connection request
For at least the two independent reasons discussed above, the Court finds that Blue Coat is entitled to summary judgment. The Court need not reach the remaining reasons supplied by Blue Coat and declines to do so. Blue Coat's motion for summary judgment of noninfringement for claim 1 of the '580 patent is GRANTED.
Finjan accuses the DRTR component of WebPulse, alone or in combination with WSS, of infringing claim 22 of the '408 patent. Claim 22 recites:
'480 patent, col. 21 ll. 22-67 (emphasis added).
Blue Coat argues that DRTR does not infringe claim 22 for three reasons: (1) DRTR does not "determin[e] any specific one of a plurality of programming languages;" (2) DRTR does not "instantiat[e] a scanner ... in response;" and (3) DRTR does not analyze an "incoming stream" of program code. Blue Coat Mot. 14-18. The Court finds that none of these reasons warrant summary judgment. It discusses each below.
Claim 22 requires "determining any specific one of a plurality of programming languages." The parties do not colorably disagree as to how the portions of DRTR relevant to this limitation operate: [Redacted] Blue Coat Mot. 16; Finjan Opp. 14; see Ex. 29 to Blue Coat Mot. at ll. 175-190, ECF 226-36; Ex. 11 to Blue Coat Mot. at 120:5-21, ECF 226-12. [Redacted] Blue Coat Mot. 16-17; Finjan Opp. 15; Ex. 34 to Finjan's Mot. at ll. 203-17, 326-66, ECF 227-20; see also Ex. 11 to Blue Coat Mot. at 70:10-17, ECF 226-12. [Redacted] Blue Coat Mot. 16-17; Finjan Opp. 15-16; see, e.g., Ex. 34 to Finjan Opp. at ll. 3848-3979,
Blue Coat argues that this functionality does not satisfy the "determining any specific one of a plurality of programming languages" limitation of claim 22 [Redacted] Blue Coat Mot. 15-17. Blue Coat contends that, because a file type is not a "programming language," DRTR does not "determin[e] ... a ... programming language[]." Id. at 15-16. Blue Coat also argues that, [Redacted] this cannot infringe claim 22 [Redacted] Id. at 16-17.
Finjan, on the other hand, contends that determining file type is determining a "programming language," at least within the context of the '408 patent. Specifically, Finjan points out that the '408 patent discloses JavaScript, Visual Basic Script, HTML, URI, and URL as examples of "programming languages," and also states that "the present invention is ... applicable to parse and analyze binary content and EXE files." Finjan Opp. 14 (citing '408 patent, col. 1 l. 66-col. 2 l. 2, col. 4 ll. 2-5, col. 6 ll. 17-23, col. 9 ll. 7-15, col. 16 ll. 10-13). Finjan also emphasizes that [Redacted] Finjan Opp. 14-16; see Ex. 7 to Finjan Opp. at 119:5-10, 181:18-23, ECF 240-14; Ex. 20 to Finjan Opp. at BC0005745-46, ECF 240-32 [Redacted] Ex. 34 to Finjan Opp. at ll. 3715-3738, ECF 240-42; see also Ex. 34 to Finjan Mot. at ll. 333, ECF 227-20 [Redacted] Ex. 4 to Finjan Opp. (Mitzenmacher Rpt.) ¶¶ 114, 953, 955-60, ECF 240-8. Finjan also argues that [Redacted] constitute "determining any specific one of a plurality of programming languages" because they search specifically for JavaScript code. Finjan Opp. 15.
At the time of the hearing, the parties agreed that there was no fundamental dispute as to the meaning of "programming language" and that it may be given its plain and ordinary meaning. ECF 270. However, the parties appear to have different conceptions of what this plain and ordinary meaning may encompass: Blue Coat contends that file types such as text, EXE, PDF, ZIP, XML, GZIP, or RAR are not "programming languages," whereas Finjan contends they are. Compare Blue Coat Mot. 15-16, with Finjan Opp. 14. The parties' experts, purported persons of ordinary skill in the art, also appear to disagree as to whether a file type can be a "programming language." Compare Ex. 30 to Blue Coat Mot. at 111:23-113:22, ECF 226-38 (testimony from Dr. Nielson, Blue Coat's expert, that "identification of file type does not identify programming languages"), with Ex. 28 to Blue Coat Mot. at 195:3-196:23, ECF 226-34 (testimony from Dr. Mitzenmacher, Finjan's expert, that [Redacted] it will determine which programming language the program code appears to be"). Thus, before turning to questions of infringement, the Court must first clarify the scope of "programming language."
While the Court agrees with Blue Coat that, in the most typical case, "programming language" refers to languages such as C, C++, Python, Java, or Perl, it agrees with Finjan that, within the context of the '408 patent, "programming language" carries a broader meaning. Claim 22 requires that, after a "programming language" is "determin[ed]," a "scanner" is "instantiat[ed]" for that "programming language," which includes "parser rules" which "define certain patterns in terms of tokens, tokens being lexical constructs for the specific programming language" and "analyzer rules" which "identify certain combinations of tokens and patterns." '408 patent, col. 21 ll. 48-57. Thus, a "programming language" must at least be something that has "lexical constructs" which can be recognized as "tokens" and put together in detectable "patterns." The specification gives several examples of such "programming languages:" JavaScript, HTML, Visual Basic script, and
In light of this, the Court finds that there are material questions of fact as to whether DRTR "determin[es] any specific one of a plurality of programming languages." Although it seems odd (and likely incorrect) to say that every file type is its own "programming language" even within the meaning of the '408 patent, the Court cannot conclude, construing the evidence in the light most favorable to Finjan, [Redacted] As discussed above, this will turn on whether they have "tokens" which could be put together in detectable "patterns," both of which are factual determinations that must be left for the jury.
Further, the parties do not dispute that DRTR includes code specific to at least some of the explicit examples of "programming languages" given in the '408 specification: HTML and JavaScript. '408 patent, col. 1 l. 66-col. 2 l. 2, col. 4 ll. 2-5, col. 6 ll. 17-23, col. 9 ll. 7-15, col. 16 ll. 10-13. Although the Court agrees with Blue Coat that [Redacted] there may be no prior determination of a programming language, it cannot rule out, on summary judgment, that DRTR's logic of processing content does not somehow include a "determin[ation]" of a "programming language." For example, the source code and other evidence submitted by the parties shows that, [Redacted] DRTR can determine that it is a text file that potentially contains HTML (or, said another way, is potentially an HTML file). See Ex. 34 to Finjan Mot. at ll. 272-366, ECF 227-20; see also id. at l. 331 [Redacted] which treats the contents as if it were HTML and processes them accordingly. See Ex. 34 to Finjan Opp. [Redacted] ECF 240-42; Ex. 31 to Blue Coat Mot. [Redacted] ECF 226-40. Although it may be the case that DRTR's identification of HTML is more of a guess and not a perfect determination, the Court cannot conclude, construing the evidence in the light most favorable to Finjan, that this is not a "determin[ation]." Thus, the Court cannot grant summary judgment of noninfringement on the basis of this limitation.
Claim 22 also requires "instantiating a scanner for the specific programming language." The parties dispute whether DRTR satisfies this limitation for the same reasons they advance with respect to the "determining ..." limitation: in Blue Coat's view, DRTR does not practice this limitation because it only "instantiat[es]" scanners for file types, which are not programming languages. Blue Coat Mot. 17. Finjan, on the other hand, argues that file types are programming languages, so the fact that DRTR selects scanners based on file type at least creates a triable issue of fact. Finjan Opp. 16-17. Finjan also argues that DRTR satisfies this limitation [Redacted] Id. at 17.
Because disputed questions remain as to whether DRTR "determin[es] any specific
Claim 22 also requires that its receiving and analysis steps be performed on an "incoming stream" of program code. Blue Coat argues that, because DRTR begins processing a file only after the full or partial download has been completed, it does not operate on an "incoming stream" of program code. Blue Coat Mot. 17-18. According to Blue Coat, when DRTR receives a new URL to rate and categorize, [Redacted] Id. at 17-18; see also Ex. 11 to Blue Coat Mot. at 120:5-21, 116:1-25, ECF 226-12; Ex. 27 to Blue Coat Mot. at ll. 570-583, ECF 226-32. [Redacted] DRTR begins its analysis. Blue Coat Mot. 18; see also Ex. 11 to Blue Coat Mot. at 120:5-21, ECF 226-12; Ex. 27 to Blue Coat Mot. at ll. 570-583, ECF 226-32.
[Redacted] See Finjan Opp. 17-19. Finjan nevertheless argues that DRTR analyzes an "incoming stream" for two reasons: (1) it dynamically rates the URL before its content is downloaded to a client computer, id. at 17; and (2) [Redacted] as incoming content is being received. Id. at 17-18; Ex. 4 to Finjan Opp. (Mitzenmacher Rpt.) ¶¶ 856, 1025, 1028, 1038, ECF 240-8.
At the time of the hearing, the parties agreed that there was no fundamental dispute as to the meaning of "incoming stream" and that it may be given its plain and ordinary meaning. ECF 270. However, the parties appear to have different views of what this plain and ordinary meaning may encompass: Blue Coat appears to interpret "incoming stream" as a byte stream that must come from an external source (i.e., a byte stream that is actively being downloaded), whereas Finjan appears to view "incoming stream" as a byte stream that can also come from a local source, such as a buffer.
The Court agrees with Finjan that an "incoming stream" need not be from an external source. The '408 patent does not place any restriction on where an "incoming stream" is read from and in fact itself discloses an example of an "incoming stream" that is read from a local buffer. See, e.g., '408 patent, col. 14 ll. 23-25 ("At step 500, the parser calls a tokenizer, such as tokenizer 210, to retrieve a next token from an incoming byte stream."). Thus, "incoming stream" must at least be as broad. See Vitronics Corp., 90 F.3d at 1583 (a claim interpretation that excludes a preferred embodiment "is rarely, if ever, correct").
Blue Coat's noninfringement arguments are only based on its assumption that "incoming stream" must be coming from an external source. Because the Court disagrees with this view, Blue Coat is not entitled to summary judgment of noninfringement on this basis.
Disputed questions of material fact remain with respect to all of the limitations for which Blue Coat argues it is entitled to summary judgment. Accordingly, Blue Coat's motion for summary judgment of noninfringement of claim 22 of the '408 patent is DENIED.
Finjan accuses the following combinations of infringing claim 1 of the '786 patent: (1) ProxySG, CAS, and MAA, (2) ASG with MAA, (3) WSS with MAS, and (4) WebPulse/GIN. Claim 1 recites:
'786 patent, col. 21 ll. 33-48 (emphasis added). "Mobile protection code" is "code that, at runtime, monitors or intercepts actually or potentially malicious code operations." ECF 180 at 1; see also Blue Coat I, ECF 118 at 5.
Blue Coat argues that it neither infringes this claim literally nor under the doctrine of equivalents. The Court addresses each in turn.
Blue Coat argues that it does not literally infringe claim 1 because all of the accused combinations have fundamentally different architectures from what is required by claim 1. According to Blue Coat, claim 1 requires that a "sandboxed package including the mobile protection code" be delivered to the "information destination" so that the "downloadable-information" can be executed in a sandboxed environment at the "information destination." Blue Coat Mot. 18-21. Blue Coat argues that "information destination" refers to the client user device, the machine which requested the "downloadable-information." Id. at 21-22. By contrast, Blue Coat argues, there is no sandboxed package that is delivered to the client device in the accused combinations. Id. at 18-22. Instead, all of the sandboxing happens at the MAA before the downloaded information reaches the client device. Id. at 18-22.
Finjan does not dispute that, in the accused combinations, sandboxing happens on the MAA, rather than the client user device. However, Finjan maintains that the accused combinations infringe claim 1 because the MAA receives potentially suspicious content to sandbox from the ASG or CAS by way of a remote API, which includes parameters which influence how the MAA sandboxes the content. According to Finjan, these "API directions" are "mobile protection code" because they cause the MAA to monitor or intercept potentially suspicious operations of the downloaded content. Id. Finjan also argues that, in the accused combinations, the MAA (or MAS) is the "information-destination," and that the meaning of "information-destination" is broad enough to include any information destination, such as a firewall, server, the MAA, or a client user device. Id. at 21-22. As support for its infringement position, Finjan relies on Blue Coat documentation, which explains how the MAA's remote API can be used to submit sample files to the MAA or create a task to be queued and performed by the MAA. Ex. 24 to Finjan Opp. at BC2-0003335, 37, ECF 241-25. Finjan also relies on the report of its expert, Dr. Cole, who opined that the ASG and CAS "communicate" a "sandboxed package including the mobile protection code" because they send digital content to be sandboxed to an MAA via an API call, then "submit mobile protection code to the MAA via another API call which is run by the MAA to monitor the behavior of the sample," and that the API "allows for the
As an initial matter, the Court notes that the parties do not appear to fundamentally disagree as to how the relevant portions of the accused combinations work: Finjan agrees with Blue Coat that the MAA (not the user client device) performs sandboxing, and Blue Coat agrees with Finjan that the MAA can receive files to sandbox from an ASG or CAS by way of a remote API, the parameters of which can affect how the MAA sandboxes the file. Finjan Opp. 19-21; Ex. 24 to Finjan Opp. at BC2-0003335, 37, ECF 241-25; see Blue Coat Mot. 20-21. Instead, the parties' dispute turns on two discrete issues: (1) whether the MAA is an "information-destination;" and (2) whether an API call is "mobile protection code."
The Court finds that at least this second issue entitles Blue Coat to summary judgment.
The Court agrees with Blue Coat that "code" in "mobile protection code" is executable code. The specification consistently describes "mobile protection code" as something that is executed. See, e.g., id., col. 18 ll. 7-46, col. 20 ll. 44-65. This makes sense given that one cited advantage of the '786 patent is that it "does not require pre-installation of security code within a Downloadable destination;" instead, the mobile protection code can provide its own package of security code that can be run at the destination. Id., col. 4 ll. 61-62. This also comports with the testimony of Finjan's experts, Drs. Cole and Medvidovic, who described "code" as something that executes. See Ex. 22 to Blue Coat Mot. at 70:20-75:16, ECF 225-22 (Dr. Medvidovic describing how "typically, you'll provide the code that implements that method inside of a block that's delimited by open curly brace"); Ex. 21 to Blue Coat Mot. at 186:24-187:2, ECF 226-24 (Dr. Cole referring to "code to run"). Moreover, as Blue Coat points out, the Court implicitly addressed this question in its claim construction order in Blue Coat I, where it rejected the notion that mobile protection code includes anything other than the code that itself operates to monitor and intercept suspicious operations. See Blue Coat I, ECF 118 at 7-8 (explicitly excluding "protection policies ... `for causing one or
In light of this clarification, there is no material factual dispute that the API calls that CAS and ASG use to submit sample files to the MAA are not "mobile protection code." As the parties agree, these API calls just provide the interface that CAS or ASG can use to launch the execution of sandboxing routines that already reside on the MAA; the API calls are not themselves the executable code. See Finjan Opp. 20 ("parameters that cause the MAA to monitor or intercept operations"); Ex. 21 to Blue Coat Mot. at 182:23-25, ECF 226-24 ("It [MAA] absolutely has code that would monitor or intercept potentially malicious code operations."). Thus, the accused combinations do not satisfy this element. For at least this reason, Blue Coat is entitled to summary judgment. Blue Coat's motion for summary judgment of no literal infringement of claim 1 of the '786 patent is GRANTED.
Blue Coat also moves for summary judgment that it does not infringe claim 1 under the doctrine of equivalents. To prove doctrine of equivalents at trial, Finjan must "show[] on a limitation-by-limitation basis that the accused product performs substantially the same function in substantially the same way with substantially the same result as each claim limitation of the patent[]. ..." Wavetronix LLC v. EIS Electronic Integrated Systems, 573 F.3d 1343, 1360 (Fed. Cir. 2009).
Blue Coat argues that it does not infringe claim 1 under the doctrine of equivalents because the accused products do not provide the same function, the same way, and with the same result as the limitations of claim 1. Blue Coat Mot. 22-23. Specifically, Blue Coat argues that the accused combinations do not provide the same function because the function of claim 1 is to prevent malicious attacks by files already received at the destination computer, whereas the function of the accused combinations is to gather information about a potentially suspicious file and determine whether it is dangerous before sending it to the destination. Id. Blue Coat argues that the accused combinations do not provide this function in the same way because claim 1 packages a potentially suspicious file with mobile protection code and sends it to its destination, whereas the accused combinations analyze the file at the MAA and then, if it is not dangerous, send it unpackaged to its destination. Id. at 23. Blue Coat argues that the accused combinations do not achieve the same results because claim 1 results in running a downloadable in a safe environment at the destination, whereas the accused combinations result in preventing delivery of the downloadable if it is deemed dangerous. Id. at 23.
Finjan argues that there are at least disputed issues of fact as to whether Blue Coat infringes under doctrine of equivalents, citing its expert Dr. Cole's report as providing "ample evidence" to support this. Finjan Opp. 22 (citing Ex. 3 to Finjan Opp. (Cole Rpt.) ¶¶ 2159-66, 2235-41, ECF 240-6). Finjan cites to no other "evidence" outside its expert's report.
The Court finds that there is no material dispute that Blue Coat does not infringe under the doctrine of equivalents. Dr. Cole's opinion is based entirely on his assumption that the API calls that ASG or CAS make to the MAA are "mobile protection code." See Ex. 3 to Finjan Opp. (Cole Rpt.) ¶¶ 2159-66, 2235-41, ECF 240-6. As discussed above, this is incorrect based on undisputed facts. Finjan cites to no other "evidence" that Blue Coat infringes under the doctrine of equivalents; thus, it fails to
Blue Coat moves for summary judgment that "WebPulse/GIN sandboxing" does not infringe the '844, '494, '786, '621, and '086 patents. Blue Coat Mot. 23-25. According to Blue Coat, one necessary component of Finjan's allegations with respect to these patents is that "WebPulse/GIN" sends content to MAA(s) to sandbox. Id. at 23. [Redacted] Id. Blue Coat argues that infringement is impossible in both of these cases because these MAA(s) do not send their results to GIN. Id. [Redacted] Id. at 24 (citing Ex. 13 to Blue Coat Mot. at 282:18-21, ECF 226-14). Id. at 24-25. [Redacted] Id. at 25.
Finjan responds that there are disputed questions of fact as to whether WebPulse/GIN uses any of these MAAs, and hence, includes sandboxing. Finjan Opp. 23. [Redacted] Id. at 24-25 (citing Ex. 7 to Finjan Opp. at 106:8-13, 17:14-18:3, 18:18-19:2, ECF 225-7). [Redacted] Id. at 23-24. [Redacted] Id. at 25.
The Court finds that disputed questions of fact remain as to whether "WebPulse/GIN" uses sandboxing through either of the identified MAA(s). [Redacted] different Blue Coat employees provided varying testimony on this MAA and its relation to GIN. See Ex. 13 to Blue Coat Mot. at 282:18-21, ECF 226-14; Ex. 7 to Finjan Opp. at 106:8-13, 17:14-18:3, 18:18-19:2, ECF 225-7. The credibility of this testimony and whether, in light of this, [Redacted] are factual determinations for the jury. Accordingly, summary judgment is inappropriate. [Redacted] including the possibility that their results are provided to GIN. See, e.g., Ex. 8 to Finjan Opp., ECF 241-9; Ex. 27 to Finjan Opp., ECF 241-28; Ex. 6 to Finjan Opp. at 36:17-38:23, ECF 240-12; Ex. 5 to Finjan Opp. at 87:2-89:25, ECF 240-10. The credibility of this testimony and whether, in light of this and Finjan's other evidence, [Redacted] are factual determinations for the jury. In addition, although the Court agrees that, as a matter of law, [Redacted] NTP, Inc. v. Research In Motion, Ltd., 418 F.3d 1282, 1316-17 (Fed. Cir. 2005), whether this is the case is also a factual determination that should be reserved for the jury. Accordingly, summary judgment is inappropriate. Blue Coat's motion for summary judgment of noninfringement with respect to "WebPulse/GIN Sandboxing" is DENIED.
For the foregoing reasons, IT IS HEREBY ORDERED that:
1. Finjan's motion for summary judgment is DENIED as to whether WebPulse/GIN and the identified combinations of gateway products (ProxySG and CAS with MAA; ASG with MAA) infringe claim 10 of the '494 patent;
2. Finjan's motion for summary judgment is GRANTED as to whether the '731, '580, '844, '968, and '494 (for theories relying on Nachenberg) patents are not invalid and DENIED as to whether the '408, '086, and '494 (for all other theories) patents are not invalid;
3. Blue Coat's motion for summary judgment is GRANTED as to whether SSLV in conjunction with ProxySG infringes claim 1 of the '580 patent;
4. Blue Coat's motion for summary judgment is DENIED as to whether WebPulse, alone or in combination with WSS, infringes claim 22 of the '408 patent;
5. Blue Coat's motion for summary judgment is GRANTED as to whether (1) ProxySG, CAS, and MAA, (2) ASG with MAA, (3) WSS with MAS, and (4) WebPulse/GIN infringe claim 1 of the '786 patent; and
6. Blue Coat's motion for summary judgment is DENIED as to whether "WebPulse/GIN sandboxing" infringes the '844, '494, '786, '621, and '086 patents.