From Casetext: Smarter Legal Research

Finjan, Inc. v. Cisco Sys. Inc.

UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA SAN JOSE DIVISION
Feb 5, 2019
Case No. 17-cv-00072-BLF (N.D. Cal. Feb. 5, 2019)

Opinion

Case No. 17-cv-00072-BLF

02-05-2019

FINJAN, INC., Plaintiff, v. CISCO SYSTEMS INC., Defendant.


ORDER CONSTRUING ADDITIONAL CLAIMS IN U.S. PATENT NOS. 6,154,844; 6,804,780; 7,647,633 [Re: ECF 153, 154, 155]

Plaintiff Finjan, Inc. ("Finjan") brings this patent infringement lawsuit against Defendant Cisco Systems, Inc. ("Cisco"), alleging infringement of five of Finjan's patents directed to computer and network security. See SAC, ECF 55. On July 23, 2018, the Court issued an order construing ten disputed terms in the five patents-in-suit. See Order Construing Claims, ECF 134. On October 22, 2018, the Court granted Defendant's request that the Court construe four additional terms, without a hearing. See ECF 149. The instant briefing followed. See ECF 153, 154, 155. The four disputed terms concern three of the five patents-in-suit: U.S. Patent Nos. 6,154,844 ("the '844 patent"); 6,804,780 ("the '780 patent"); and 7,647,633 ("the '633 patent").

I. BACKGROUND

The five patents-in-suit are directed to network security technologies that detect online threats from malware. Finjan asserts that Cisco's products and services infringe the patents-in-suit. See generally SAC, ECF 55. The three patents relevant to the instant order are summarized below.

A. The '633 Patent

The '633 patent is titled "Malicious Mobile Code Runtime Monitoring System and Methods" and was issued on January 12, 2010. Ex. 4 to Hannah Decl. (the '633 patent), ECF 100- 6. The patent provides systems and methods for protecting devices on an internal network from code, applications, and/or information downloaded from the Internet that performs malicious operations. Id. at Abstract. At a high level, some embodiments include a protection engine that resides on a network server and monitors incoming information for executable code. Id. at 2:20-3:4. Upon detection of executable code, the protection engine deploys a "mobile protection code" and protection policies to a downloadable-destination. Id. col. 3:5-21. At the destination, the Downloadable is executed, typically within a sandboxed environment, and malicious or potentially malicious operations that run or attempt to run are intercepted and neutralized by the mobile protection code according to set protection policies. See id. at 3:22-40.

B. The '844 Patent

The '844 patent is titled "System and Method for Attaching a Downloadable Security Profile to a Downloadable" and was issued on November 28, 2000. Ex. 1 to Hannah Decl. (the '844 patent), ECF 100-3. This patent claims systems and methods for inspecting Downloadables for suspicious code or behavior according to a set of rules and generating a profile of the results from the inspection. See, e.g., id. at 1:62-3:7. In some embodiments, a content inspection engine generates a security profile and links that profile to a Downloadable. Id. at 2:3-11. The profile can include certificates that are later read by a protection engine to determine whether or not to trust the profile. Id. at 2:20-48. By providing verifiable profiles, the claimed systems and methods may efficiently protect computers from hostile Downloadables. Id. at 2:61-3:7.

C. The '780 Patent

The '780 patent is titled "System and Method for Protecting a Computer and a Network From Hostile Downloadables" and was issued on October 12, 2004. Ex. 3 to Hannah Decl. (the '780 patent), ECF 100-5. This patent teaches the generation of a re-usable ID for downloaded files so that future iterations of those files can be easily identified. For instance, the patent discloses that an ID generator can compute an ID that identifies a Downloadable by fetching components of the Downloadable and performing a hashing function on the fetched components. See, e.g., id. at 2:12-16.

II. LEGAL STANDARD

Claim construction is a matter of law. Markman v. Westview Instruments, Inc., 517 U.S. 370, 387 (1996). "It is a 'bedrock principle' of patent law that 'the claims of a patent define the invention to which the patentee is entitled the right to exclude,'" Phillips v. AWH Corp., 415 F.3d 1303, 1312 (Fed. Cir. 2005) (en banc) (internal citation omitted). As such, "[t]he appropriate starting point . . . is always with the language of the asserted claim itself." Comark Commc'ns, Inc. v. Harris Corp., 156 F.3d 1182, 1186 (Fed. Cir. 1998).

Claim terms "are generally given their ordinary and customary meaning," defined as "the meaning . . . the term would have to a person of ordinary skill in the art in question . . . as of the effective filing date of the patent application." Phillips, 415 F.3d at 1313 (internal citation omitted). The court reads claims in light of the specification, which is "the single best guide to the meaning of a disputed term." Id. at 1315; see also Lighting Ballast Control LLC v. Philips Elecs. N. Am. Corp., 744 F.3d 1272, 1284-85 (Fed. Cir. 2014) (en banc). Furthermore, "the interpretation to be given a term can only be determined and confirmed with a full understanding of what the inventors actually invented and intended to envelop with the claim." Phillips, 415 F.3d at 1316 (quoting Renishaw PLC v. Marposs Societa' per Azioni, 158 F.3d 1243, 1250 (Fed. Cir. 1998)). The words of the claims must therefore be understood as the inventor used them, as such understanding is revealed by the patent and prosecution history. Id. The claim language, written description, and patent prosecution history thus form the intrinsic record that is most significant when determining the proper meaning of a disputed claim limitation. Id. at 1315-17; see also Vitronics Corp. v. Conceptronic, Inc., 90 F.3d 1576, 1582 (Fed. Cir. 1996).

Evidence external to the patent is less significant than the intrinsic record, but the court may also consider such extrinsic evidence as expert and inventor testimony, dictionaries, and learned treatises "if the court deems it helpful in determining 'the true meaning of language used in the patent claims.'" Philips, 415 F.3d at 1318 (quoting Markman, 52 F.3d at 980). However, extrinsic evidence may not be used to contradict or change the meaning of claims "in derogation of the 'indisputable public records consisting of the claims, the specification and the prosecution history,' thereby undermining the public notice function of patents." Id. at 1319 (quoting Southwall Techs., Inc. v. Cardinal IG Co., 54 F.3d 1570, 1578 (Fed. Cir. 1995)).

III. DISCUSSION

A. Disputed terms in the '633 patent

1. "mobile protection code" (claims 1, 8, 14 and 19)

Finjan's Proposal

Cisco's Proposal

Court's Construction

"code that,at runtime, monitors orintercepts actually orpotentially malicious codeoperations without modifyingthe executable code"

"mobile executable code that,at runtime, monitors for andintercepts actually orpotentially malicious codeoperations without modifyingthe executable code"

"code that,at runtime, monitors orintercepts actually orpotentially malicious codeoperations without modifyingthe executable code"

As a representative example, the disputed term "mobile protection code" appears in independent claim 1, which recites:

1. A computer processor-based method, comprising:

receiving, by a computer, downloadable-information;

determining, by the computer, whether the downloadable-information includes executable code; and

based upon the determination, transmitting from the computer mobile protection code to at least one information-destination of the downloadable-information, if the downloadable-information is determined to include executable code.
'633 patent at 20:54-62 (emphasis added).

Finjan argues that its proposed construction is proper because "it is consistent with how a person of ordinary skill in the art would understand the intrinsic record" and because its "proposed construction has already been adopted in this District by this Court." See Opening Br. at 1-2, ECF 153. Indeed, prior claim construction orders issued in the same jurisdiction are entitled to substantial deference. See Finjan, Inc. v. Symantec Corp., 2017 WL 550453, at *3 (N.D. Cal. Feb. 10, 2017) ("If anything, to the extent possible, the degree of deference should be greater where the prior claim construction order was issued in the same jurisdiction."); Visto Corp. v. Sproqit Techs., Inc., 445 F. Supp. 2d 1104, 1107-08 (N.D. Cal. 2006) (explaining that the Supreme Court has stressed the particular importance of intrajurisdictional uniformity in claim construction).

In Finjan, Inc. v. Blue Coat Sys., Inc., 2014 WL 5361976 (N.D. Cal. Oct. 20, 2014), the undersigned considered precisely the term "mobile protection code" in the very same '633 patent and construed the term as "code that, at runtime, monitors or intercepts actually or potentially malicious code operations." Id. at *3; see also Finjan, Inc. v. Proofpoint, Inc., 2015 WL 7770208, at *5 (N.D. Cal. Dec. 3, 2015) (Judge Gilliam adopting an identical construction for the same term in the same patent). Finjan's proposed construction in the instant action seeks to append the phrase "without modifying the executable code" but is otherwise identical to the construction adopted by this Court in Blue Coat and Proofpoint. Review of the undersigned's Blue Coat order confirms that appending "without modifying the executable code" to the Court's prior construction is consistent with the Court's prior order. In Blue Coat, the Court considered the related term "causing mobile protection code to be executed . . ." and construed it to require that "the mobile protection code [is] communicated . . . without modifying the executable code." 2014 WL 5361976, at *8 (emphasis added). The Court additionally noted that "the intrinsic evidence . . . indicate[s] that the MPC [mobile protection code] travels to the destination without modifying executable code." Id. Moreover, here, Cisco includes the "without modifying the executable code" language in its own proposed construction. See Responsive Br. at 1, ECF 154. In sum, Finjan's proposed construction of "mobile protection code" in the instant action is effectively the same as that adopted in Blue Coat and Proofpoint and entitled to deference, see Symantec, 2017 WL 550453, at *3.

The Court has carefully considered Cisco's construction but is not persuaded Cisco's arguments overcome the deference provided Finjan's proposed construction. For example, Cisco seeks a construction that the mobile protection code "monitors for and intercepts" malicious code. Responsive Br. at 1, 2 (emphasis added). In other words, Cisco argues that "monitors" and "intercepts" are "essentially synonymous." Id. at 3. The Court disagrees. The specification describes the invention as "providing malicious mobile code runtime monitoring systems and methods . . . enabl[ing] actually or potentially undesirable operations . . . to be efficiently and flexibly avoided." See '633 patent at 5:30-34. This sets forth "monitoring" actually or potentially malicious code that enables "avoid[ing]" such malicious code, see id., and therefore indicates that "intercepting" is a subset of "monitoring" in that a set of code may be monitored but not intercepted. Indeed, the mobile protection code "monitor[s] or otherwise intercept[s]" such malicious operations. See '633 patent at 3:7-11 (emphasis added). This does not equate the two terms. Moreover, the specification further states that "the mobile protection code . . . enables various Downloadable operations to be detected, intercepted or further responded to via protection operations." Id. at 2:52-55 (emphasis added). This statement does not preclude monitoring that is separate from intercepting. Thus, the Court does not find the intrinsic evidence sufficiently clear to justify departure from the prior claim construction orders that explicitly construed mobile protection code to "monitor[] or intercept[]," see Blue Coat, 2014 WL 5361976, at *3; Proofpoint, 2015 WL 7770208, at *5.

Accordingly, for the reasons above, the Court adopts Finjan's construction.

2. "A computer program product, comprising a computer usable medium having a computer readable program code therein, the computer readable program code adapted to be executed for computer security, the method comprising:" (claim 14)

Finjan's Proposal

Cisco's Proposal

Court's Construction

The typographical error in thepreamble is corrected to read:"A computer programproduct, comprising acomputer usable mediumhaving a computer readableprogram code therein, thecomputer readable programcode adapted to be executedfor computer security,comprising:"

The phrase "the method"should not be struck from thepreamble. As written, theclaim is indefinite underIPXL for reciting a mix ofstatutory classes of subjectmatter.

The typographical error in thepreamble is corrected to read:"A computer programproduct, comprising acomputer usable mediumhaving a computer readableprogram code therein, thecomputer readable programcode adapted to be executedfor computer security,comprising:"

The parties dispute whether the words "the method" in the preamble to claim 14 of the '633 patent are the result of a typographical error and properly removed in construing the claim. Finjan argues that the words should be removed while Cisco argues that the words should remain and render the claim indefinite under IPXL Holdings, L.L.C. v. Amazon.com, Inc., 430 F.3d 1377 (Fed. Cir. 2005). See Opening Br. at 4; Responsive Br. at 4.

The undersigned considered precisely this issue in Blue Coat, 2014 WL 5361976. In Blue Coat the parties also disputed whether the words "the method" in the preamble to claim 14 were a typographical error. Id. at *7. The undersigned agreed with Plaintiff Finjan and construed the term "to correct the typographical error" resulting in a construction identical to Finjan's proposed construction in the instant action. See id. at *7-8; Opening Br. at 4. The undersigned further noted that "the corrected preamble can be reasonably interpreted to set forth a computer readable program code that, when executed, performs the limitations of the claim." Blue Coat, 2014 WL 5361976, at *7.

When a patentee seeks a correction of claim language, "a district court can do so only if (1) the correction is not subject to reasonable debate based on consideration of the claim language and the specification and (2) the prosecution history does not suggest a different interpretation of the claims." Novo Indus., L.P. v. Micro Molds Corp., 350 F.3d 1348, 1354 (Fed. Cir. 2003). Cisco argues that in Blue Coat the undersigned was "not presented with the language of the dependent claims and prosecution history that: (i) contradicts Finjan's correction; and (ii) suggests a different possible interpretation of the preamble." Responsive Br. at 4. In other words, Cisco contends that the Court's construction in Blue Coat is not valid because the Court's "correction" to remove the words "fails both of the[] [Novo] requirements" when considering "the dependent claims and prosecution history" of the '633 patent. See Responsive Br. at 4.

However, contrary to Cisco's suggestion, the undersigned was faced with essentially the same record and arguments in Blue Coat. For example, Blue Coat argued—as Cisco does here—that during the prosecution of the '633 patent the preamble was amended to be in line with Ex Parte Bo Li, 88 U.S.P.Q.2d 1695 (2008), and thus not transformed into a proper Beauregard claim. See Blue Coat's Responsive Br. at 22-23, ECF 66 in 5:13-cv-03999; Responsive Br. 4-5. As another example, Blue Coat argued that "a person of ordinary skill in the art looking at the claim language, specification, and prosecution history would be left to surmise various inconsistent corrections," see Blue Coat's Responsive Br. at 23 (relying on Novo, 350 F.3d at 1357), while Cisco likewise argues that the "claims" and "prosecution [history] suggest[] a different interpretation" under Novo, see Responsive Br. at 5. In Blue Coat, the undersigned considered and rejected the arguments raised by Blue Coat and Cisco makes a no more compelling case here.

Computer-readable media claims—such as claims covering programs encoded on tangible computer-readable media—are commonly referred to as Beauregard claims after In re Beauregard, 53 F.3d 1583 (Fed. Cir. 1995).

Cisco additionally argues that because dependent claims 15 to 20 refer to "[t]he method of claim 14" there is reasonable debate about how the claim should be corrected. See Responsive Br. at 4. However, Cisco cannot credibly argue that dependent claims 15 to 20 were not available to the Court in deciding Blue Coat. Indeed, the Court previously found that the corrected preamble to claim 14 sets forth not a method but "a computer readable program code." Blue Coat, 2014 WL 5361976, at *7. Moreover, the Court's prior construction in Blue Coat is entitled to deference, see Symantec, 2017 WL 550453, at *3, and Finjan seeks an identical construction here. In sum, the Court adopts Finjan's construction.

Having removed the words "the method" from claim 14, the Court need not and does not reach Cisco's indefiniteness arguments under IPXL which depend on inclusion of the words "the method." See Responsive Br. at 6; see also Finjan, Inc. v. Blue Coat Sys., Inc., 2015 WL 3630000, at *12 (N.D. Cal. June 2, 2015) ("Blue Coat II") (finding claim 14 of the '633 patent not indefinite as construed to not include the words "the method"). In addition, no ruling is made as to whether dependent claims 15 to 20 are indefinite for lack of an antecedent basis due to the Court's construction. This issue is not presently before the Court and not properly briefed.

B. Disputed term in the '844 patent

1. "Downloadable security profile that identifies suspicious code in [the/a] [received] Downloadable" (claims 1, 15 and 43)

Finjan's Proposal

Cisco's Proposal

Court's Construction

"a profile that identifies codein the received Downloadablethat performs hostile orpotentially hostile operations"

"a profile that includes a listof code within [the/a][received] Downloadable thatperforms hostile or potentiallyhostile operations"

"a profile that identifies codein the received Downloadablethat performs hostile orpotentially hostile operations"

The above term is used in claims 1, 15, 22, 23 and 41 to 44 of the '844 patent. Claim 1 is representative and recites:

1. A method comprising:

receiving by an inspector a Downloadable;

generating by the inspector a first Downloadable security profile that identifies suspicious code in the received Downloadable; and
linking by the inspector the first Downloadable security profile to the Downloadable before a web server makes the Downloadable available to web clients.
'844 patent at 11:13-20 (emphasis added).

As an initial matter, the Court notes that according to Finjan's Reply Brief, Finjan's proposed construction of this term in its Opening Brief contained an error. See Reply Br. at 4, ECF 155. Finjan represents it has corrected the error in its proposed construction in its Reply Brief. Id. Thus, the Court analyzes Finjan's proposed construction as set forth in its Reply Brief.

Finjan's proposed construction is identical to the undersigned's construction of precisely the same term in the same '844 patent in Blue Coat. 2014 WL 5361976, at *8-9. Cisco's arguments are largely moot considering Finjan's corrected proposed construction in its Reply brief and Cisco's remaining points are insufficient to overcome the deference afforded the Court's prior construction in Blue Coat. In sum, the Court adopts Finjan's construction, which is identical to the Court's construction of this term in Blue Coat, 2014 WL 5361976, at *8-9.

C. Disputed term in the '780 patent

1. "software component[s]"

Finjan's Proposal

Cisco's Proposal

Court's Construction

Plain and ordinary meaning

"code module required to beincluded within aDownloadable for executionas part of the Downloadable"

Plain and ordinary meaning;no construction necessary

The term "software component[s]" appears in a number of claims in the '780 patent. Claim 1 is representative and recites:

1. A computer-based method for generating a Downloadable ID to identify a Downloadable, comprising:

obtaining a Downloadable that includes one or more references to software components required to be executed by the Downloadable;

fetching at least one software component identified by the one or more references; and

performing a hashing function on the Downloadable and the fetched software components to generate a Downloadable ID.
'780 patent at 10:23-32 (emphasis added).

Finjan argues that "no construction is necessary for 'software components' because the term is readily understood to those skilled in the art." Opening Br. at 7. Finjan further argues that Cisco's proposal "would rewrite the claim language and import additional limitations" and construe "two plain and common words . . . to be 16 words, which do not serve to clarify the claims and would only confuse a jury." Id. at 8-9. Cisco contends that the specification and prosecution history confirm "a Downloadable must include the 'software component' prior to analysis and execution of the Downloadable." Responsive Br. at 9-10.

The Court does not find that departure from the plain and ordinary meaning of "software components" is warranted here. "[C]laim terms must be given their plain and ordinary meaning to one of skill in the art." Thorner v. Sony Computer Ent. Am. LLC, 669 F.3d 1362, 1367 (Fed. Cir. 2012). A "patentee is free to choose a broad term and expect to obtain the full scope of its plain and ordinary meaning unless the patentee explicitly redefines the term or disavows its full scope." Id. Here, the '780 patent and claims repeatedly refer to "one or more references to software components required [to be executed] by the Downloadable." See, e.g., '780 patent at Abstract; 10:26-27; 10:52-53 (emphasis added). In other words, the method of claim 1 recited above includes the step of obtaining a Downloadable based on references to software components that the Downloadable requires to be executed. I.e., the claim language plainly mandates that the obtained Downloadable include at least one reference to software components required to be executed by the Downloadable.

Thus, Cisco's proposed construction that the term "software components" itself requires that the "referenced file [] needs to be included in the Downloadable" does not have support. See Responsive Br. at 9 (emphasis added). Instead, the plain language of the claim simply mandates reference to "software components required to be executed by the Downloadable." See '780 patent at 10:26-27 (emphasis added). Put differently, the requirement included in Cisco's proposed construction does not flow from the claim language itself or the term "software components." This is apparent when inserting Cisco's proposed construction into the claim language, which would yield in part:

obtaining a Downloadable that includes one or more references to [code module required to be included within a Downloadable for execution as part of the Downloadable]
required to be executed by the Downloadable
'780 patent at 10:25-27 (inserting Cisco's proposed construction).

Such claim language tends to confuse and borders on nonsensical. The Court is simply not persuaded that "software components" stands for Cisco's proposed construction over the surrounding claim language and presumption of plain and ordinary meaning, see Thorner, 669 F.3d at 1367.

Accordingly, the Court adopts the plain and ordinary meaning of the disputed term.

IV. ORDER

As set forth above, the Court construes the disputed terms as follows:

Claim Term

Court's Construction

"mobile protection code"('633 patent, claims 1, 8, 14 and 19)

"code that, at runtime, monitors or interceptsactually or potentially malicious codeoperations without modifying the executablecode"

"A computer program product, comprising acomputer usable medium having a computerreadable program code therein, the computerreadable program code adapted to be executedfor computer security, the methodcomprising:"('633 patent, claim 14)

The typographical error in the preamble iscorrected to read:"A computer program product, comprising acomputer usable medium having a computerreadable program code therein, the computerreadable program code adapted to be executedfor computer security, comprising:"

"Downloadable security profile that identifiessuspicious code in [the/a] [received]Downloadable"('844 patent, claims 1, 15 and 43)

"a profile that identifies code in the receivedDownloadable that performs hostile orpotentially hostile operations"

"software component[s]"('780 patent)

Plain and ordinary meaning; no constructionnecessary

IT IS SO ORDERED. Dated: February 5, 2019

/s/_________

BETH LABSON FREEMAN

United States District Judge


Summaries of

Finjan, Inc. v. Cisco Sys. Inc.

UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA SAN JOSE DIVISION
Feb 5, 2019
Case No. 17-cv-00072-BLF (N.D. Cal. Feb. 5, 2019)
Case details for

Finjan, Inc. v. Cisco Sys. Inc.

Case Details

Full title:FINJAN, INC., Plaintiff, v. CISCO SYSTEMS INC., Defendant.

Court:UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA SAN JOSE DIVISION

Date published: Feb 5, 2019

Citations

Case No. 17-cv-00072-BLF (N.D. Cal. Feb. 5, 2019)

Citing Cases

Finjan LLC v. Palo Alto Networks, Inc.

This issue was first addressed in Finjan, Inc. v. Blue Coat Sys., Inc., No. 13-cv-03999-BLF, 2014 WL 5361976,…