Summary
deciding between discrete structural constructions for "certificate authenticator," as the parties agreed this was a means-plus-function term subject to section 112
Summary of this case from Synchronoss Techs., Inc. v. Dropbox Inc.Opinion
Case No. 13-cv-03999-BLF
10-20-2014
FINJAN, INC., Plaintiff, v. BLUE COAT SYSTEMS, INC., Defendant.
ORDER CONSTRUING CLAIMS IN U.S. PATENT NOS. 6,154,844; 7,058,822; 7,418,731; 7,647,633
[Re: ECF 65-67]
Plaintiff Finjan, Inc. brings this patent infringement lawsuit against defendant Blue Coat Systems, Inc., alleging infringement of six of Finjan's patents directed at computer and network security: U.S. Patent Nos. 6,154,844 ('844 Patent); 6,804,780 ('780 Patent); 6,965,968 ('968 Patent); 7,058,822 ('822 Patent); 7,418,731 ('731 Patent); and 7,647,633 ('633 Patent) (collectively, "Asserted Patents"). The Court held a tutorial on August 15, 2014 and a Markman hearing on August 22, 2014 for the purpose of construing ten disputed terms in the '822, '633, '844, and '731 Patents. The parties do not presently dispute the proper construction of terms in the '780 and '968 Patents.
Markman v. Westview Instruments, Inc., 517 U.S. 370 (1996).
I. BACKGROUND
All of the Asserted Patents are directed toward behavior-based Internet security. That is, rather than scanning and maintaining a list of known viruses and malicious code signatures, the Asserted Patents provide a system and methods for identify, isolating, and neutralizing potentially malicious code based on the behavior of that code. Pl.'s Br. 3, ECF 65. Finjan does not practice the Asserted Patents, but accuses Blue Coat's computer network and network security products of infringing each. Def.'s Br. 1, ECF 66; see also Compl., ECF 1.
The '822 and '633 Patents, both titled "Malicious Mobile Code Runtime Monitoring System and Methods," are related and share the same specification. The '822 Patent issued on June 6, 2006 and lists Yigal Mordechai Edery, Nimrod Itzhak Vered, and David R. Kroll as inventors. Decl. of James Hannah Exh. 1 ('822 Patent), ECF 65-3. The '633 Patent is a continuation of the '822 Patent, and issued on January 12, 2010. The '633 Patent lists Yigal Mordechai Edery, Nimrod Itzhak Vered, David R. Kroll, and Shlomo Touboul as inventors. Hannah Decl. Exh. 2 ('633 Patent), ECF 65-4. These patents provide systems and methods for protecting devices on an internal network from code, applications, and/or information downloaded from the Internet that performs malicious operations. Id. at Abstract. At a high level, the disclosed embodiments describe a protection engine that generally resides on a network server and inspects incoming downloads for executable code. Id. col. 2:20-3:4. Upon detection of executable code, the protection engine deploys "mobile protection code" and protection policies to the download destination. Id. col. 3:5-21. At the destination, the downloadable-information is executed, typically within a sandboxed environment, and malicious or potentially malicious operations that run or attempt to run are intercepted and neutralized by the mobile protection code according to set protection policies. Id. col. 3:22-40.
The '844 Patent, titled "System and Method for Attaching a Downloadable Security Profile to a Downloadable," issued on November 28, 2000 and lists Shlomo Touboul and Nachshon Gal as inventors. Hannah Decl. Exh. 3 ('844 Patent), ECF 65-5. This patent claims a system and methods of network protection wherein an inspector reviews a piece of downloadable-information for suspicious code or behavior according to a set of rules. Id. col. 2:3-19. The inspector generates a profile characterizing the areas of suspicion and then attaches that profile to the downloadable-information. Id. The profile can include other unique identifiers and certificates that are later read by a protection engine to determine whether or not to trust the profile. Id. col. 20-48. By providing verifiable profiles, the object of the invention is to provide flexible, efficient protection against known and unknown hostile downloadable information without having to rel-inspect the same piece of downloadable-information each time. Id. col. 2:61-3:7.
The '731 Patent, titled "Method and System for Caching at Secure Gateways," issued on August 26, 2008 and lists Shlomo Touboul as the sole inventor. Hannah Decl. Exh. 4 ('731 Patent), ECF 65-6. This patent describes systems and methods of operating computer and network gateways that protect an intranet of computers. The claimed inventions provide for caching of security information and policies at the gateway. Id. at Abstract. This caching mitigates network latency—delay in the transmission of data—caused when the gateway processes downloadable information to protect intranet devices. Id. col. 1:55-67.
II. LEGAL STANDARD
Claim construction is a matter of law. Markman v. Westview Instruments, Inc., 517 U.S. 370, 387 (1996). "It is a 'bedrock principle' of patent law that 'the claims of a patent define the invention to which the patentee is entitled the right to exclude," Phillips v. AWH Corp., 415 F.3d 1303, 1312 (Fed. Cir. 2005) (en banc) (internal citation omitted), and, as such, "[t]he appropriate starting point . . . is always with the language of the asserted claim itself," Comark Commc'ns, Inc. v. Harris Corp., 156 F.3d 1182, 1186 (Fed. Cir. 1998).
Claim terms "are generally given their ordinary and customary meaning," defined as "the meaning . . . the term would have to a person of ordinary skill in the art in question . . . as of the effective filing date of the patent application." Phillips, 415 F.3d at 1313 (internal citation omitted). The court reads claims in light of the specification, which is "the single best guide to the meaning of a disputed term." Id. at 1315; see also Lighting Ballast Control LLC v. Philips Elecs. N. Am. Corp., 744 F.3d 1272, 1284-85 (Fed. Cir. 2014) (en banc). Furthermore, "the interpretation to be given a term can only be determined and confirmed with a full understanding of what the inventors actually invented and intended to envelop with the claim." Phillips, 415 F.3d at 1316 (quoting Renishaw PLC v. Marposs Societa'per Azioni, 158 F.3d 1243, 1250 (Fed. Cir. 1998)). The words of the claims must therefore be understood as the inventor used them, as such understanding is revealed by the patent and prosecution history. Id. The claim language, written description, and patent prosecution history thus form the intrinsic record that is most significant when determining the proper meaning of a disputed claim limitation. Id. at 1315-17; see also Vitronics Corp. v. Conceptronic, Inc., 90 F.3d 1576, 1582 (Fed. Cir. 1996).
Evidence external to the patent is less significant than the intrinsic record, but the court may also consider such extrinsic evidence as expert and inventor testimony, dictionaries, and learned treatises "if the court deems it helpful in determining 'the true meaning of language used in the patent claims.'" Philips, 415 F.3d at 1318 (quoting Markman, 52 F.3d at 980). However, extrinsic evidence may not be used to contradict or change the meaning of claims "in derogation of the 'indisputable public records consisting of the claims, the specification and the prosecution history,' thereby undermining the public notice function of patents." Id. at 1319 (quoting Southwall Techs., Inc. v. Cardinal IG Co., 54 F.3d 1570, 1578 (Fed. Cir. 1995)).
III. AGREED CONSTRUCTIONS
The parties agree on the construction for five terms. Joint Claim Construction Statement, ECF 59. The Court accordingly adopts and approves the following constructions:
| Patent | Term | Construction |
| 6,804,780: all asserted claims | Downloadable | an executable application program, which is downloaded from a source computer and run on the destination computer |
| 6,804,780: claims 1, 9, 17, 18 | performing a hashing function on the Downloadable and the fetched software components | performing a hashing function on the Downloadable together with its fetched software components |
| 6,804,780: claims 4, 12 | plugin | software component that adds to the functionality of an already existing application program |
| 6,965,968: claims 1, 13, 23, 26, 32-33 | policy index | a data structure indicating allowability of cached content relative to a plurality of policies |
| 6,154,844: claims 1, 3-8, 11-12, 15, 19, 21-23, 41-44 | Downloadable | an executable application program, which is downloaded from a source computer and run on the destination computer |
Furthermore, Blue Coat requested construction of two other terms—"information-destination" and "Downloadable-information destination"—from the '822 and '633 Patents that Finjan contended do not require construction. Id. at 8, 11, ECF 59. In its responsive claim construction brief, Blue Coat indicated that it agreed with Finjan that those terms do not require construction. Def.'s Br. 24. As such, the Court will not construe those terms in this order.
IV. CONSTRUCTION OF DISPUTED TERMS IN THE '633 AND '822 PATENTS
A. "mobile protection code"
Finjan indicated at the Markman hearing that it does not oppose modifying its construction to include "actually or" potentially malicious code. Hr'g Tr. 28:6-21, ECF 86.
This disputed term appears in independent claim 1 and dependent claim 19 of the '822 Patent, as well as in independent claims 1, 8, 13, and 14 of the '633 Patent. Claim 1 of the '633 Patent is representative of how the term is used in the claim language:
1. A computer processor-based method, comprising: receiving, by a computer, downloadable-information; determining, by the computer, whether the downloadable-information includes executable code; and based upon the determination, transmitting from the computer mobile protection code to at least one information-destination of the downloadable-information, if the downloadable-information is determined to include executable code.
The parties agree that mobile protection code ("MPC") is not a term known in the art. Pl.'s Br. 7; Def.'s Br. 15. As such, the intrinsic record is the best evidence of the patentee's understanding of the term. For its construction, Finjan relies on a passage from the specification, which indicates that "[t]he sandboxed package includes mobile protection code ("MPC") for causing one or more predetermined malicious operations or operation combinations of a Downloadable to be monitored or otherwise intercepted." '822 Patent col. 3:6-10. Based on this evidence from the intrinsic record, Finjan argues that the MPC must merely be capable of monitoring or intercepting malicious code. Pl.'s Br. 7-8; Pl.'s Reply 2, ECF 67.
The '822 and '633 Patents share the same specification.
Finjan also argues that its proposed construction is appropriate because it was adopted in a different lawsuit involving the same patent resulting in a verdict that was upheld by the Federal Circuit on appeal. Pl.'s Br. 8. This is not persuasive because the parties in that action stipulated to the construction and, accordingly, that construction was not before the Federal Circuit on appeal. See Def.'s Br. 15 n.11; see also Finjan, Inc. v. Secure Computing Corp., 626 F.3d 1197 (Fed. Cir. 2010).
By contrast, Blue Coat's construction seeks to add two limitations. First, Blue Coat contends that the MPC must be "runtime code" because the title and purpose of the '822 and '633 inventions is for "malicious mobile code runtime monitoring systems and methods." '822 Patent, col. 5:30-31 (emphasis added); Def.'s Br. 16-17. Finjan responds that the specification does not so limit the MPC because there are embodiments describing static code and the Court should not place undue emphasis on the word "runtime," which appears only twice in the patent. Pl.'s Br. 8-9; Pl.'s Reply 3.
The trouble with the "runtime code" limitation is that there does not appear to be a well-understood definition of that term in the art, and the Court is not convinced that using such a vague and undefined term would be helpful to a jury. For example, in Blue Coat's estimation, runtime code is code that is always running and never static. See Hr'g Tr. 64:18-20; 65:11-13, ECF 86. It is not clear that this interpretation of "runtime code" is even supported by Blue Coat's expert, who describes the operation of the MPC as "running (executing) while the mobile code is running (executing)," Decl. of Dr. Peter Reiher ¶ 19, ECF 66-1, implying that there are instances when both the MPC and the mobile code are static or inactive. As such, the Court declines to adopt the "runtime code" limitation. It would, however, be potentially helpful—and consistent with the patent—to clarify that the MPC operates at runtime, as indicated by the title of the '822 and '633 Patents, and by the testimony of Blue Coat's expert that the MPC runs when the downloadable-information is running. See also '822 Patent col. 5:30-34. As such, the Court's construction clarifies that MPC is code that, at runtime, performs the specified functions.
Blue Coat's second limitation requires that the MPC actually provide protection—beyond monitoring—by causing operations to occur in response to malicious executable code operations. Def.'s Br. 17-18. Finjan argues that this requirement conflates the operation of the MPC with the operation of protection policies. Pl.'s Br. 8-9; Pl.'s Reply 3-4.
The specification appears to support Finjan's interpretation, as the patent discloses protection policies "(operable alone or in conjunction with further Downloadable-destination stored or received policies/MPCs) for causing one or more predetermined operations to be performed if one or more undesirable operations of the Downloadable is/are intercepted." '822 Patent col. 3:10-15. More problematically, and as noted by Blue Coat, the specification also frequently groups the MPC and the protection policies together by referring to them collectively as the "MPC/policies." See, e.g., id. cols. 3:18-20, 58:62, 10:61-65. The only description of the interaction between the MPC and the protection policies is set forth in the following passage:
If, in step 1107, the MPC determines, from monitored/intercepted information, that the Downloadable is attempting or has attempted a destination device access considered undesirable or otherwise malicious, then the MPC performs steps 1109 and 1111 . . . . In step 1109, the MPC determines protection policies in accordance with the access attempt by the Downloadable, and in step 1111, the MPC executes the protection policies.Id. col. 20:10-19 (emphasis added); see also id. col. 9:66-10:4. Based on this description, it would not be inaccurate to describe the MPC as "invoking" the protection policies to cause predetermined operations in response to malicious code. See Def.'s Br. 17. However, the interpretation that better comports with the disclosures in the patent is that the protection policies cause responsive operations when executed by the MPC, thus including instances where the protection policies, "operable alone," cause those predetermined operations. '822 Patent col. 3:10-15. As such, the Court declines to adopt Blue Coat's proposed limitation and agrees with Finjan that the MPC, as expressly disclosed in the patent, monitors or intercepts malicious code.
Finally, the parties at the Markman hearing identified a further dispute not previously briefed over whether the MPC intercepts code or operations. See Hr'g Tr. 60:20-61:18, 73:19-75:22. Finjan argued that "code" is the appropriate word to use in this construction because the patentee was concerned with Javascript, a dynamic computer programming language where the code (or script) and operations are one and the same. Id. at 74:14-75:21. This does not mean that it would be inaccurate to describe the MPC as intercepting code operations. In fact, the portion of the specification on which Finjan relies for its construction describes intercepting operations and not code. See '822 Patent col. 3:6-10. Because Blue Coat makes a compelling argument for precise wording in this context, the Court accordingly construes "mobile protection code" as "code that, at runtime, monitors or intercepts actually or potentially malicious code operations."
B. "means for causing mobile protection code to be communicated to at least one information-destination of the downloadable-information, if the downloadable-information is determined to include executable code"
| Finjan's Proposal | Blue Coat's Proposal | Court's Construction |
| Function: causing mobile protection code to be communicated to at least one information-destination of the downloadable-information, if the downloadable-information is determined to include executable code Structure: re-communicating device | Function: if the downloadable-information is determined to include executable code, transferring mobile protection code with the downloadable-information to at least one information destination of the downloadable information without modifying the executable code Structure: re-communicating device | Function: if the downloadable-information is determined to include executable code, causing mobile protection code to be communicated to at least one information-destination of the downloadable-information without modifying the executable code Structure: re-communicating device |
|---|
This phrase appears in independent claim 13 of the '633 Patent, which reads:
A variation of this term, the step or element of "causing mobile protection code to be communicated . . .", also appears in claims 1 and 9 of the '822 Patent.
13. A processor-based system for computer security, the system comprising:
means for receiving downloadable-information;
means for determining whether the downloadable-information includes executable code; and
means for causing mobile protection code to be communicated to at least one information-destination of the downloadable-information, if the downloadable-information is determined to include executable code.
The parties agree that this limitation is a means-plus-function term subject to the requirements of 35 U.S.C. § 112, ¶ 6. Under § 112, ¶ 6, a means-plus-function claim "shall be construed to cover the corresponding structure, material, or acts described in the specification of equivalents thereof." 35 U.S.C. § 112, ¶ 6. In construing a means-plus-function claim term, the Court must first determine the claimed function then identify the "corresponding" structure that is necessary to performing the claimed function. JVW Enters., Inc. v. Interact Accessories, Inc., 424 F.3d 1324, 1330 (Fed. Cir. 2005).
Paragraph 6 of 35 U.S.C. § 112 was replaced with newly designated § 112(f) when the America Invents Act ("AIA"), Pub. L. No. 112-29, took effect on September 16, 2012. Because the applications resulting in the patents at issue in this case were filed before that date, the Court will refer to the pre-AIA version of § 112.
Here, the parties agree on the corresponding structure but disagree on the proper construction of the claimed function. The dispute is over whether, after determining that a piece of downloadable-information contains executable code, "causing mobile protection code to be communicated . . ." requires that the MPC be transmitted with the downloadable-information and without modifying the executable code in the downloadable-information.
Finjan argues that these two limitations should not be read into the claimed function because the language of the claim is sufficient, and because the '633 Patent discloses examples wherein the MPC is transmitted separately from the downloadable-information and wherein the executable code is modified. Pl.'s Br. 12-13; Pl.'s Reply 6-9. Blue Coat relies on disclosures in the specification and statements in the prosecution history to contend that the patentee distinguished the present invention over the prior art by arguing that the MPC is "packaged" with the downloadable-information and communicated to the destination without modifying the executable code. Def.'s Br. 18-21.
It is clear from the specification that the MPC does not modify executable code. At separate points, embodiments are described as advantageously enabling "potentially damaging, undesirable or otherwise malicious operations by even unknown mobile code to be detected, prevented, modified and/or otherwise protected against without modifying the mobile code." '633 Patent col. 4:12-16; see also id. col. 10:39-44 (apparent that claimed invention is "more accurate and far less resource intensive than, for example . . . modifying a Downloadable"). Finjan's arguments to the contrary are not persuasive. The examples that Finjan provides of modification to the executable code show modifications to code operations or other portions of the downloadable-information, not the problematic executable code. Pl.'s Br. 12 (citing '633 Patent col. 13:28-41); Pl.'s Reply (citing '822 Patent col. 4:4-10). Moreover, while the patentee may have also distinguished the prior art on other grounds, see Pl.'s Reply 7-8, the public is entitled to rely on all of the grounds on which a piece of prior art is distinguished, Andersen Corp. v. Fiber Composites, LLC, 474 F.3d 1361, 1374 (Fed. Cir. 2007), particularly where those statements are made in the specification itself. Absent examples of modifications to executable code, the Court is left with the inescapable conclusion that the disclosed advantages over the prior art are an essential part of the claimed invention. SciMed Life Sys., Inc. v. Advanced Cardiovascular Sys., Inc., 242 F.3d 1337, 1342-45 (Fed. Cir. 2001); but see i4i Ltd. P'ship v. Microsoft Corp., 598 F.3d 831, 844 (Fed. Cir. 2010) aff'd on other grounds, 131 S. Ct. 2238 (U.S. 2011) (finding no disclaimer based on "permissive" language about benefits of system). Accordingly, the Court finds that the MPC does not modify executable code found in the downloadable-information.
Whether the MPC must be transmitted with the downloadable-information presents a closer question. Here, numerous disclosures in the specification suggest that the MPC may be transmitted separately from the downloadable-information. See, e.g., '633 Patent cols. 9:58-63, 12:38-43, 16:1-15. Blue Coat's argument for inclusion of this limitation is thus based entirely on prosecution history disclaimer. Def.'s Br. 20-21. "Where an applicant argues that a claim possesses a feature that the prior art does not possess in order to overcome a prior art rejection, the argument may serve to narrow the scope of otherwise broad claim language." Seachange Int'l, Inc. v. C-COR, Inc., 413 F.3d 1361, 1372-73 (Fed. Cir. 2005) (citing Rheox, Inc. v. Entact, Inc., 276 F.3d 1319, 1325 (Fed. Cir. 2002)). However, such disavowal of claim scope must be clear and unambiguous, Omega Eng'g, Inc. v. Raytek Corp., 334 F.3d 1314, 1323-25 (Fed. Cir. 2003), and not "subject to more than one reasonable interpretation," SanDisk Corp. v. Memorex Prods., Inc., 415 F.3d 1278, 1287 (Fed. Cir. 2005).
Blue Coat relies on a 2005 Preliminary Response and 2009 Amendment and Response from the '633 Patent prosecution history, wherein the patentee distinguishes over a prior art reference, Golan. The pertinent passage states:
In distinction with the present invention, Golan does not describe the packaging of protection code. Instead, Golan discusses a situation whereby a security monitor is already resident on a client computer, as illustrated in FIGS. 2, 5 and 9 of Golan, without concerning itself as to how the security monitor is installed. In fact, prima facie the methodology of the present invention, of packaging mobile protection code with downloadable information, seems wasteful andDecl. of Olivia Kim Exh. G at 2 (ECF 66-12), Exh. H at 14 (ECF 66-13) (emphasis added). Blue Coat interprets the emphasized sentence to require that the MPC be literally packaged and transmitted in conjunction with the downloadable-information. Finjan argues that this passage is not a clear disavowal of claim scope because later in the same responses, within the specific context of the claims, the patentee distinguishes Golan on the ground that it "does not describe causing mobile protection code, which corresponds to Golan's security monitor, to be communicated." Pl.'s Reply 8 (citing Kim Decl. Exh. G at 2). Thus, the patentee distinguished Golan on the ground that it did not provide for any communication of MPC to the destination. Id.
counter-intuitive, since such protection code is typically retransmitted to the client computer many times—in particular, each time a downloadable with executable code is downloaded. However, the advantage of this methodology is control over the ability to customize the mobile protection code and to update it as necessary, thus obviating the need for a user to be responsible for ensuring that his security code be appropriate to his computer and up to date.
Both parties' interpretations are reasonable. Read plainly, the feature that the patentee was distinguishing over Golan was the communication of MPC, as opposed to having it "already resident on a client computer . . . without concerning itself as to how the [MPC] was installed." Kim Decl. Exh. G at 2. Although the patentee indicates that the methodology of the present invention is the "packaging [of] mobile protection code with downloadable information," id., it would be reading too much into a single word to interpret that as an express requirement that the MPC always be transmitted in conjunction with the downloadable-information. Because the patentee's statements in distinguishing Golan are subject to multiple reasonable interpretations,the Court therefore agrees with Finjan that the prosecution history does not evince a clear disavowal of embodiments in which the MPC is communicated separately from the downloadable-information and declines to adopt such a limitation.
In contrast to the "without modifying the executable code" limitation discussed above, the patentee did not offer multiple grounds for distinguishing the prior art. Rather, the same argument by the patentee is susceptible to multiple interpretations.
Based on the foregoing, the Court construes "means for causing mobile protection code to be communicated to at least one information-destination of the downloadable-information, if the downloadable-information is determined to include executable code" to be a means-plus-function term wherein the claimed function is "if the downloadable-information is determined to include executable code, causing mobile protection code to be communicated to at least one information-destination of the downloadable-information without modifying the executable code," and the corresponding structure is a "re-communicating device."
C. Disputed Terms in Claim 14 of the '633 Patent
The parties dispute the meaning of two phrases in independent claim 14 of the '633 Patent, which reads:
14. A computer program product, comprising a computer usable medium having a computer readable program code therein, the computer readable program code adapted to be executed for computer security, the method comprising:The Court addresses each disputed phrase in turn.
providing a system, wherein the system comprises distinct software modules, and wherein the distinct software modules comprise an information re-communicator and a mobile code executor;
receiving, at the information re-communicator, downloadable-information including executable code; and
causing mobile protection code to be executed by the mobile code executor at a downloadable-information destination such that one or more operations of the executable code at the destination, if attempted, will be processed by the mobile protection code.
i. "A computer program product, comprising a computer usable medium having a computer readable program code therein, the computer readable program code adapted to be executed for computer security, the method comprising: providing a system, . . ."
| Finjan's Proposal | Blue Coat's Proposal | Court's Construction |
| A computer program product, comprising a computer usable medium having a computer readable program code therein, the computer readable program code adapted to be executed for computer security, comprising: providing a system, . . . | Indefinite | A computer program product, comprising a computer usable medium having a computer readable program code therein, the computer readable program code adapted to be executed for computer security, comprising: providing a system, . . . |
The sole controversy over this preamble is whether it is sufficiently definite to "inform, with reasonable certainty, those skilled in the art about the scope of the invention." Nautilus, Inc. v. Biosig Instruments, Inc., 134 S. Ct. 2120, 2124 (2014). Finjan acknowledges that the disputed phrase contains a drafting error but urges that the Court can correct the problem by simply striking the words "the method" from this phrase. As corrected, Finjan argues that Claim 14 sets forth a Beauregard claim that is understandable to one of ordinary skill in the art. Pl.'s Br. 20; Pl.'s Reply 11-12. Blue Coat contends that the error in Claim 14 is not merely typographical because simply removing "the method" fails to inform "what provides the system, and how the system is provided." Def.'s Br. 22-23. The Court disagrees because, as noted by Finjan, the corrected preamble can be reasonably interpreted to set forth a computer readable program code that, when executed, performs the limitations of the claim. See Pl.'s Reply 11.
Named after In re Beauregard, 53 F.3d 1583 (Fed. Cir. 1995), a Beauregard claim is "a claim to a computer readable medium (e.g., a disk, hard drive, or other data storage device) containing program instructions for a computer to perform a particular process." CyberSource Corp. v. Retail Decisions, Inc., 654 F.3d 1366, 1373 (Fed. Cir. 2011).
Blue Coat further argues that the claim is indefinite regardless of Finjan's proposed correction because one skilled in the art would have difficulty understanding whether the claimed invention is an apparatus or a method. Def.'s Br. 22-23. At the Markman, Blue Coat further elaborated on this argument by citing to IPXL Holdings, LLC v. Amazon.com, Inc., 430 F.3d 1377 (Fed. Cir. 2005), in which the Federal Circuit invalidated a similar Beauregard style claim for improperly including both method and apparatus limitations in the same claim. Id. at 1383-84; but see Convolve, Inc. v. Dell, Inc., No. 2:08-CV-244-CE, 2011 WL 31792, at *17-18 (E.D. Tex. Jan. 5, 2011) (distinguishing IPXL because accused infringer would know at time of sale whether device would meet the additional step-wise limitations of computer code claim); Biosig Instruments, Inc. v. Nautilus, Inc., 715 F.3d 891, 904 (Fed. Cir. 2013), vacated on other grounds, 134 S. Ct. 2120 (2014) (distinguishing IPXL and characterizing patent at issue as reciting "apparatus claims with functional limitations").
The Court declines to rule at this time that this preamble renders the entire claim indefinite. While it appears that this claim is susceptible to the problem identified in IPXL, Blue Coat did not cite that case in its claim construction brief and did not raise the issue until the Markman hearing. Moreover, the testimony of both experts on this issue is too conclusory for the Court to determine, at this stage, that the claim is indefinite under IPXL. Compare Decl. of Nenad Medvidovic ¶ 20, ECF 65-1 to Reiher Decl. ¶ 25. Notably, Blue Coat's expert declaration does not even address the IPXL issue in light of Finjan's proposed removal of the words "the method," instead testifying that with the correction one of ordinary skill in the art would not understand "(1) what provides the system, and (2) how the system is provided." Reiher Decl. ¶ 25. As such, Blue Coat has not satisfied its burden of proving by clear and convincing evidence that one with ordinary skill in the art would not, with reasonable certainty, be able to discern whether the corrected Claim 14 covers a method or apparatus or know when the claim is infringed. Microsoft Corp. v. i4i Ltd. P'ship, 131 S. Ct. 2238, 2243 (2011) (invalidity defense must be proven by clear and convincing evidence).
For the foregoing reasons, the Court accepts Finjan's proposal to correct the typographical error in the preamble to Claim 14 of the '633 Patent so that it shall read: "A computer program product, comprising a computer usable medium having a computer readable program code therein, the computer readable program code adapted to be executed for computer security, comprising: providing a system, . . .". Decision on Blue Coat's indefiniteness argument will be deferred until summary judgment, where Finjan can be afforded an opportunity to respond to Blue Coat's challenge based on IPXL, and both parties can more fulsomely brief the issue.
ii. "causing mobile protection code to be executed by the mobile code executor at a downloadable-information destination such that one or more operations of the executable code at the destination, if attempted, will be processed by the mobile protection code"
| Finjan's Proposal | Blue Coat's Proposal | Court's Construction |
| No construction necessary -Plain and ordinary meaning. | running, at a downloadable-information destination, mobile protection code which was transmitted with the downloadable-information without modifying the executable code, such that one or more operations of the executable code will be processed by the mobile protection code if attempted at the downloadable-information destination | Plain and ordinary meaning, wherein the mobile protection code was communicated to the downloadable-information destination without modifying the executable code |
Blue Coat's rather cumbersome proposal seeks only to maintain its proposed limitation that the MPC be "transmitted with the downloadable-information without modifying the executable code." As discussed above, the intrinsic evidence does not support a limitation requiring that the MPC be transmitted with the downloadable-information but does indicate that the MPC travels to the destination without modifying executable code in the downloadable-information. The disputed phrase moreover presumes that the MPC has already arrived at the downloadable-information and, as such, the construction of this phrase need not expressly contain limitations on the manner in which the MPC is communicated. The Court therefore construes the disputed phrase "causing mobile protection code to be executed by the mobile code executor at a downloadable-information destination such that one or more operations of the executable code at the destination, if attempted, will be processed by the mobile protection code" to have its plain and ordinary meaning, but with the understanding—for purposes of clarification—that the mobile protection code was communicated to the downloadable-information destination without modifying the executable code.
V. CONSTRUCTION OF DISPUTED TERMS IN THE '844 PATENT
A. Disputed Terms in Claims 1, 15, 22, 23, 41-44 of the '844 Patent
The parties dispute the meaning of two phrases that appear in independent claims 1, 15, 22, 23, 41-44 of the '844 Patent. Claim 1 is representative of how the disputed terms are used in the claim language:
1. A method comprising:Both of these terms are used consistently throughout the claims, but do not appear anywhere else in the specification of the '844 Patent. The Court addresses each in turn.
receiving by an inspector a Downloadable; generating by the inspector a first Downloadable security profile that identifies suspicious code in the received Downloadable; and
linking by the inspector the first Downloadable security profile to the Downloadable before a web server makes the Downloadable available to web clients.
i. "Downloadable security profile that identifies suspicious code in the received Downloadable"
| Finjan's Proposal | Blue Coat's Proposal | Court's Construction |
| a profile that identifies hostile or potentially hostile operations in the Downloadable | a profile that specifies code contained in the received Downloadable that is hostile or potentially hostile, including code that performs file operations, network operations, registry operations, or operations system operations | a profile that identifies code in the received Downloadable that performs hostile or potentially hostile operations |
The competing proposals expose two disputes: the meaning of "suspicious code" and the meaning of "identifies." Taking the easier dispute first, the Court finds that "identifies" does not require further construction. At the Markman hearing, Blue Coat expressed concern that "identifies" is too vague and could be interpreted to permit the downloadable security profile to simply detect the presence of suspicious code without further specifying its location or characteristics. Hr'g Tr. 101:19-103:17. This concern is well taken, and the Court agrees with Blue Coat that the patent requires the downloadable security profile ("DSP") to include details about the suspicious code in the received downloadable, such as by listing "all potentially hostile or suspicious code operations that may be attempted by the Downloadable," or "the respective arguments of these operations." '844 Patent col. 4:4-7; see Def.'s Br. 7-9 (citing '844 Patent cols. 4:4-7, 8:55-60, and U.S. Pat. No. 6,092,194, cols. 4:33-37, 4:59-64, 5:43-57, 9:24-29 (incorporated by reference into the '844 Patent)). However, "identifies" is sufficiently precise to convey this meaning without resorting to a different word that does not appear in the specification.
The term "suspicious code" does not appear anywhere in the specification other than the claims. Finjan argues that this is because the patent uses "code" and "operations" interchangeably so that "suspicious code" is best construed as "hostile or potentially hostile operations." Pl.'s Reply 4-5. Finjan provides no support for this interpretation other than examples from the specification describing the DSP "preferably" listing suspicious operations. See, e.g., '844 Patent col. 4:4-7. To be sure, the '844 Patent specification is not a model of consistency or even of clarity. As argued by Blue Coat, however, Finjan's conflation of "code" with "operations" ignores the consistent use of "operations" elsewhere in the specification and particularly in the claim language. Def.'s Br. 6-7. The Court agrees.
There is no expert testimony on what "code" and "operations" mean to one of skill in the art. The specification of the '844 Patent consistently distinguishes between "operations" and "code patterns," while also referring to "code" and "executable code," to describe the Downloadable. See, e.g., '844 Patent col. 4:7-10, 5:63-65, 8:51-55. This suggests that the patentee understood there to be a difference between "code and "operations." Most notably, dependent claim 11 provides "[t]he method of claim 1, wherein the first Downloadable security profile includes a list of operations deemed suspicious by the inspector." The patentee therefore maintained a distinction between "code" and "operations" throughout the '844 Patent. Moreover, the term "suspicious code" does not appear to have been added later by amendment, as an Office Action from 1999 suggests that the term was used very early in the prosecution history. Kim Decl. Exh. B at 6. As such, construing "suspicious code" in claim 1 to mean, essentially, suspicious "operations" would impermissibly render claim 11 superfluous. Aspex Eyewear, Inc. v. Marchon Eyewear, Inc., 672 F.3d 1335, 1349 (Fed. Cir. 2012); Comark, 156 F.3d at 1187. Finjan has not identified any evidence in the intrinsic record to overcome this strong presumption of claim differentiation. Liebel-Flarsheim Co. v. Medrad, Inc., 358 F.3d 898, 910 (Fed. Cir. 2004) (presumption of claim differentiation is at "its strongest" when redundancy appears between independent and dependent claims).
The parties did not provide the Court with a full prosecution history for the '844 Patent, and the Court therefore cannot conclusively determine when "suspicious code" first appeared in the claim language.
Finally, while in some instances there may not be a meaningful distinction between "operations" and "code that performs operations," see Pl.'s Reply 5, maintaining that distinction comports with the patentee's own usage of "code" to describe the Downloadable and "operations" to describe suspicious behavior, see '844 Patent col. 4:7-34. Based on the foregoing, the Court rejects Finjan's proposal to construe "code" as "operations." Blue Coat's construction, however, is modified to eliminate the use of "specifies" and simplified to convey the distinction between code and operations without including a list of examples. As such, the Court construes "Downloadable security profile that identifies suspicious code in the received Downloadable" to mean "a profile that identifies code in the received Downloadable that performs hostile or potentially hostile operations."
Blue Coat indicated at the Markman hearing that it did not object to leaving exemplary operations out of the construction. Hr'g Tr. 100:23-101:3.
ii. "before [a/the] web server make[s] the Downloadable available to web clients"
| Finjan's Proposal | Blue Coat's Proposal | Court's Construction |
| No construction necessary -Plain and ordinary meaning. | before [a/the] non-gateway server from which web pages originate allows a web client to access a Downloadable | before [a/the] non-network gateway web server make[s] the Downloadable available to web clients |
The dispute centers on whether patent requires that the web server be distinct from a network gateway. Noting that this phrase does not appear in the specification, Blue Coat contends that the patent discloses embodiments where the web server and network gateway are distinct. Def.'s Br. 9-10. Moreover, the patentee distinguished the present invention over a prior art reference, Ji, that disclosed inspection of Downloadables on a network gateway, thus disclaiming embodiments where the web server and network gateway are one and the same. Id. at 10-11. Finjan, in turn, argues that the specification does not limit web servers to be distinct from gateway servers and in fact discloses web servers that act as bi-directional gateways. Pl.'s Reply 12 (citing '844 Patent col. 10:51-56).
The intrinsic evidence favors Blue Coat's construction. As identified by Blue Coat, Figure 1 of the '844 Patent shows a web server as a distinct entity from the network gateway. Def.'s Br. 10; see also '844 Patent col. 5:12-13. Although the specification specifically indicates that the developer 120, inspector 125, and web server 185 can be configured in any number of ways, the network gateway 110 is not mentioned in these alternative site combinations. '844 Patent col. 3:47-52. The claim language furthermore makes a clear distinction between network gateway and web server, as illustrated, for example, in Claim 22, wherein the network gateway receives a Downloadable with a linked DSP, the linking having occurred before the web server makes the Downloadable available to the web client. Id. cl. 22. There are no disclosures or claims where the network gateway and the web server are one and the same.
The patentee's statements in prosecution only serve to reinforce that conclusion. See Def.'s Br. 10 (quoting Kim Decl. Exh. D at 5). One of the primary thrusts of the patentee's argument of Ji is clearly that Ji "teaches a method performed on a network gateway" and "the burden of examining a Downloadable for the suspicious code is always on the network gateway." Kim Decl. Exh. D at 5. By contrast, the patented invention includes an inspector that "generat[es] and link[s] a Downloadable security profile to a Downloadable before a web server makes the Downloadable available to web clients," and the network gateway then "examines the Downloadable security profile for security policy violations." Id. (emphasis added). Thus, even if, as Finjan argues, the patentee identified other features that were novel in light of Ji such that there was not a clear disavowal of scope, see Pl.'s Reply 12-13, the patentee's own words contrasting Ji with the present invention still bolster the conclusion, already reached from an examination of the patent specification, that the '844 Patent contemplates a distinction between web servers and network gateways, 800 Adept, Inc. v. Murex Securities, Ltd, 539 F.3d 1354, 1364-65 (Fed. Cir. 2008). Acknowledging, however, that Blue Coat's use of the generic term "gateway" appears to have introduced some ambiguity into its proposal, the Court will reword the construction to clarify that a web server is not a network gateway.
Blue Coat did not provide any evidence in support of the limitation that the web server be "from which web pages originate," nor is it clear that those words were merely included for clarification. The Court therefore declines to adopt that portion of Blue Coat's proposal.
Blue Coat indicated at the Markman hearing that the second part of its construction that the web server "allows a web client to access" a Downloadable is merely a clarifying proposal for purposes of aiding the jury. Hr'g Tr. 105:4-5; see also Def.'s Br. 9-10. Because this part of Blue Coat's construction does not affect claim scope, and because Finjan disputes the effectiveness of this clarification, the Court will hew to the language of the claim. Accordingly, the term "before [a/the] web server make[s] the Downloadable available to web clients" is construed as "before [a/the] non-network gateway web server make[s] the Downloadable available to web clients."
B. Disputed Terms in Claim 44 of the '844 Patent
The parties dispute two additional terms in independent Claim 44 of the '844 Patent, which reads:
44. A network gateway system comprising:
means for receiving a Downloadable with a linked first Downloadable security profile that identifies suspicious code in the Downloadable, the Downloadable security profile being linked to the Downloadable before the web server make [sic] the Downloadable available to the web client:
means for determining whether to trust the first Downloadable security profile; and
means for comparing the first Downloadable security profile against the security policy if the first Downloadable security profile is trustworthy.
The parties agree that both of these terms are means-plus-function terms subject to the requirements of 35 U.S.C. § 112, ¶ 6, and they also agree on the function claimed in each term. The Court therefore addresses each only with respect to the disputed structural limitations.
| "means for determining whether to trust the first Downloadable security profile" | ||
| Finjan's Proposal | Blue Coat's Proposal | Court's Construction |
| Function: determining whether to trust the first Downloadable security profile Structure: network protection engine or computer protection engine | Function: determining whether to trust the first Downloadable security profile Structure: certificate authenticator 515 and Downloadable ID verification engine 520 | Function: determining whether to trust the first Downloadable security profile Structure: certificate authenticator 515 and Downloadable ID verification engine 520 |
|---|---|---|
| "means for comparing the first Downloadable security profile against the security policy if the first Downloadable security profile is trustworthy" | ||
| Finjan's Proposal | Blue Coat's Proposal | Court's Construction |
| Function: comparing the first Downloadable security profile against the security policy if the first Downloadable security profile is trustworthy Structure: network protection engine or computer protection engine | Function: comparing the first Downloadable security profile against the security policy if the first Downloadable security profile is trustworthy Structure: local security policy analysis engine 530 | Function: comparing the first Downloadable security profile against the security policy if the first Downloadable security profile is trustworthy Structure: local security policy analysis engine 530 |
As illustrated by the parties' proposals, the main dispute if over how narrowly or broadly to identify the corresponding structures for each term. Here, the Court is mindful that the "structure disclosed in the specification is 'corresponding' structure only if the specification or prosecution history clearly links or associates that structure to the function recited in the claim. This duty to link or associate structure to function is the quid pro quo for the convenience of employing § 112, ¶ 6." B. Braun Med., Inc. v. Abbott Labs., 124 F.3d 1419, 1424 (Fed. Cir. 1997); see also Saffran v. Johnson & Johnson, 712 F.3d 549, 562 (Fed. Cir. 2013). Moreover, the corresponding structure must actually perform the claimed function, as "[f]eatures that do not perform the recited function do not constitute corresponding structure and thus do not serve as claim limitations." Northrop Grumman Corp. v. Intel Corp., 325 F.3d 1346, 1352 (Fed. Cir. 2003); Cardiac Pacemakers, Inc. v. St. Jude Med., Inc., 296 F.3d 1106, 1119 (Fed. Cir. 2002); Wenger Mfg., Inc. v. Coating Mach. Sys., Inc., 239 F.3d 1225, 1233 (Fed. Cir. 2001).
Finjan's broad identification of structure relies on the '844 Patent Abstract and a passage that states "[b]oth the network protection engine 135 and the computer protection engine 180 examine all incoming Downloadables and stop all Downloadables deemed suspicious." Pl.'s Br. 15; Pl.'s Reply 9-10; see '844 Patent col. 5:14-19, 28:33. This proposal ignores the more detailed description of "[c]omponents and operation of the network protection engine 135 and the computer protection engine 180" described in columns 7 to 8 of the specification and depicted in Figure 5, which illustrates "details of a generic protection engine 500, which exemplifies each of the network protection engine 135 and the computer protection engine 180." '844 Patent col. 7:41-44. As made clear in those disclosures, not all components of the protection engine perform the claimed functions. Instead, the specification specifically links certificate authenticator 515 and Downloadable ID verification engine 520 with the function of determining whether to trust the DSP, id. col. 7:51-60, and the local security policy analysis engine 530 with comparing the attached or generated DSP against local security policies, id. col. 8:6-8.
None of the disclosures identified by Finjan demand a contrary construction. Because Figure 5 depicts a generic protection engine in detail, the components that are identified as the corresponding structure to each function are inherently part of the network and computer protection engines discussed in the passages Finjan quotes in support of its broader construction. See Pl.'s Reply 9 (citing '844 Patent col. 5:24-33). The generic must give way to the specific where, as here, the specification discloses components of the generic protection engine that do not perform the functions of the disputed terms. Therefore, Blue Coat's proposed structures more appropriately identify the specific structures that perform the recited function.
The Court accordingly construes "means for determining whether to trust the first Downloadable security profile" as a means-plus-function term wherein the claimed function is "determining whether to trust the first Downloadable security profile" and the corresponding structure is "certificate authenticator 515 and Downloadable ID verification engine 520." The "means for comparing the first Downloadable security profile against the security policy if the first Downloadable security profile is trustworthy" is construed as a means-plus-function term wherein the claimed function is "comparing the first Downloadable security profile against the security policy if the first Downloadable security profile is trustworthy" and the corresponding structure is "local security policy analysis engine 530."
VI. CONSTRUCTION OF DISPUTED TERMS IN THE '731 PATENT
The parties dispute the proper construction of "network gateway," which appears in claim 7 and dependent claims 13, 14, and 20 of the '731 Patent and "computer gateway," which appears in independent claim 1 and dependent claims 4, 5, and 18 of the '731 Patent. Claim 7 is an exemplary use of "network gateway":
7. A method of operating a network gateway for an intranet of computers, the method comprising:Claim 1 exemplifies the use of "computer gateway":
receiving a request from an intranet computer for a file; determining whether the requested file resides within a file cache at the network gateway;
if said determining is affirmative:
retrieving a security profile for the requested file from a security profile cache at the network gateway . . . ;
if said determining is not affirmative:
retrieving the requested file from the Internet;
scanning the retrieved file to derive a security profile including a list of computer commands that the retrieved file is
programmed to perform;
storing the retrieved file within the file cache for future access; and
storing the security profile for the retrieved file within the security profile cache for future access.
1. A computer gateway for an intranet of computers, comprising:
a scanner for scanning incoming files from the Internet and deriving security profiles for the incoming files, wherein each of the security profiles comprises a list of computer commands that a corresponding one of the incoming files is programmed to perform;
a file cache . . . ; and
a security profile cache . . . ; and
a security policy cache . . . .
"Network gateway" appears only in method claims, and "computer gateway" appears only in apparatus claims. The Court construes these terms together.
| "network gateway" | ||
| Finjan's Proposal | Blue Coat's Proposal | Court's Construction |
| No construction necessary -Plain and ordinary meaning. | device(s) residing between two networks through which all incoming and outgoing network traffic passes | Plain and ordinary meaning. |
| "computer gateway" | ||
| Finjan's Proposal | Blue Coat's Proposal | Court's Construction |
| No construction necessary -Plain and ordinary meaning. | computer residing between two networks through which all incoming and outgoing network traffic passes | Plain and ordinary meaning. |
Blue Coat appears to be seeking construction of these terms for the primary purpose of assisting jury understanding of the patents. Def.'s Br. 24. Blue Coat's constructions, however, do not simply clarify the meaning of "gateway" or explain how one of ordinary skill in the art would have understood the term. Rather, Blue Coat seeks to include a limitation that all network traffic must pass through the network or computer gateway. As Finjan correctly argues, there is no support in the intrinsic record for this limitation, Pl.'s Reply 14-15, and Blue Coat identifies only "the '731 patent's goal of providing network security to an intranet of computers" in support of reading this limitation into the claim, Def.'s Br. 25. In fact, disclosures in the written description and the claims themselves indicate that network gateways can be used to control only incoming traffic or only outgoing traffic. See '731 Patent col. 10:30-52; compare id. cl. 14 with cl. 22. There being no express words of limitation or clear evidence that the '731 Patent addresses network or computer gateways that are the only gateways for an intranet of computers through which all incoming and outgoing network traffic passes, the Court declines to adopt such a limitation.
Blue Coat's proposal for "computer gateway" is even further restrictive in construing the term to require a single computer. The specification indicates that "[t]he gateway computer described hereinabove may be embodied by a plurality of computers. Thus, for purposes of load balancing, a load balanced set of computers may serve as a gateway." '731 Patent col. 10:58-61. Blue Coat offers no explanation, other than emphasis on an indefinite article, for its construction requiring that a "computer gateway" be a single computer. Def.'s Br. 25. The Court therefore also declines to adopt this limitation.
The '731 Patent also lacks consistency in its use of terms, referring to "gateway computer" and "computer gateway" in the specification. While the parties have not argued that these terms are used interchangeably, an examination of the specification suggests that they are. See '731 Patent col. 5:22-8:57, Fig. 1.
Moreover, this interpretation of "computer" as a modifier to "gateway" is inconsistent with Blue Coat's interpretation of "network" as a modifier to "gateway."
--------
Based on the foregoing, the Court construes the terms "network gateway" and "computer gateway" to have their plain and ordinary meanings.
VII. ORDER
For the reasons set forth above, the Court construes the disputed terms as follows:
| Claim Terms | Court's Construction |
| mobile protection code | code that, at runtime, monitors or intercepts actually or potentially malicious code operations |
| means for causing mobile protection code to be communicated to at least one information-destination of the downloadable-information, if the downloadable-information is determined to include executable code | Function: if the downloadable-information is determined to include executable code, causing mobile protection code to be communicated to at least one information-destination of the downloadable-information without modifying the executable code Structure: re-communicating device |
|---|---|
| A computer program product, comprising a computer usable medium having a computer readable program code therein, the computer readable program code adapted to be executed for computer security, the method comprising: providing a system, . . . | The typographical error in the preamble is corrected to read: A computer program product, comprising a computer usable medium having a computer readable program code therein, the computer |
| readable program code adapted to be executed for computer security, comprising: providing a system, . . . | |
| causing mobile protection code to be executed by the mobile code executor at a downloadable-information destination such that one or more operations of the executable code at the destination, if attempted, will be processed by the mobile protection code | Plain and ordinary meaning, wherein the mobile protection code was communicated to the downloadable-information destination without modifying the executable code |
| Downloadable security profile that identifies suspicious code in the received Downloadable | a profile that identifies code in the received Downloadable that performs hostile or potentially hostile operations |
| before [a/the] web server make[s] the Downloadable available to web clients | before [a/the] non-network gateway web server make[s] the Downloadable available to web clients |
| means for determining whether to trust the first Downloadable security profile | Function: determining whether to trust the first Downloadable security profile Structure: certificate authenticator 515 and Downloadable ID verification engine 520 |
|---|---|
| means for comparing the first Downloadable security profile against the security policy if the first Downloadable security profile is trustworthy | Function: comparing the first Downloadable security profile against the security policy if the first Downloadable security profile is trustworthy Structure: local security policy analysis engine 530 |
| network gateway | Plain and ordinary meaning. |
| computer gateway | Plain and ordinary meaning. |
Dated: October 20, 2014
/s/_________
BETH LABSON FREEMAN
United States District Judge