Summary
rejecting defendant’s proposed limiting of "content processor" to the specific embodiment describing "software that renders the content for interactive viewing on a display monitor"
Summary of this case from Finjan, Inc. v. Juniper Networks, Inc.Opinion
Case No.14-cv-02998-HSG
02-10-2017
FINJAN, INC., Plaintiff, v. SYMANTEC CORP., Defendant.
CLAIM CONSTRUCTION ORDER
Re: Dkt. Nos. 72, 151
Plaintiff Finjan, Inc. filed this patent infringement action against Defendant Symantec Corp. The parties seek construction of a total of twelve claim terms found in eight patents: Patent Nos. 6,154,844 ("'844 Patent"), 7,613,926 ("'926 Patent"), 8,677,494 ("'494 Patent"), 7,756,996 ("'996 Patent"), 7,930,299 ("'299 Patent"), 8,015,182 ("'182 Patent"), 7,757,289 ("'289 Patent"), and 8,141,154 ("'154 Patent"). This order follows claim construction briefing, a technology tutorial, a claim construction hearing, two rounds of supplemental claim construction briefing, and a supplemental claim construction hearing held on January 20, 2017.
Following the original claim construction briefing and hearing, the Court granted Defendant's motion to stay the case pending IPR proceedings. Dkt. No. 117. After the U.S. Patent Trial and Appeal Board denied institution of IPR on ten of the eleven petitions filed, the Court lifted the stay at the parties' joint request. Dkt. Nos. 124, 127.
I. LEGAL STANDARD
Claim construction is a question of law to be determined by the Court. Markman v. Westview Instruments, Inc., 517 U.S. 370, 384 (1996). "The purpose of claim construction is to determine the meaning and scope of the patent claims asserted to be infringed." O2 Micro Int'l Ltd. v. Beyond Innovation Tech. Co., 521 F.3d 1351, 1360 (Fed. Cir. 2008) (internal quotation marks omitted).
Generally, claim terms should be "given their ordinary and customary meaning"—i.e., "the meaning that the terms would have to a person of ordinary skill in the art at the time of the invention." Phillips v. AWH Corp., 415 F.3d 1303, 1312-13 (Fed. Cir. 2005) (en banc) (internal quotation marks omitted). There are only two circumstances where a claim is not entitled to its plain and ordinary meaning: "1) when a patentee sets out a definition and acts as his own lexicographer, or 2) when the patentee disavows the full scope of a claim term either in the specification or during prosecution." Thorner v. Sony Computer Entm't Am. LLC, 669 F.3d 1362, 1365 (Fed. Cir. 2012).
When construing claim terms, the Federal Circuit emphasizes the importance of intrinsic evidence such as the language of the claims themselves, the specification, and the prosecution history. Phillips, 415 F.3d at 1312-17. The claim language can "provide substantial guidance as to the meaning of particular claim terms," both through the context in which the claim terms are used and by considering other claims in the same patent. Id. at 1314. The specification is likewise a crucial source of information. Id. at 1315-17. Although it is improper to read limitations from the specification into the claims, the specification is "the single best guide to the meaning of a disputed term." Id. at 1315 ("[T]he specification is always highly relevant to the claim construction analysis. Usually, it is dispositive." (internal quotation marks omitted)); see also Merck & Co. v. Teva Pharms. USA, Inc., 347 F.3d 1367, 1371 (Fed. Cir. 2003) ("[C]laims must be construed so as to be consistent with the specification . . . .").
Despite the importance of intrinsic evidence, courts may also consider extrinsic evidence—technical dictionaries, learned treatises, expert and inventor testimony, and the like—to help construe the claims. Phillips, 415 F.3d at 1317-18. For example, dictionaries may reveal what the ordinary and customary meaning of a term would have been to a person of ordinary skill in the art at the time of the invention. Frans Nooren Afdichtingssystemen B.V. v. Stopaq Amcorr Inc., 744 F.3d 715, 722 (Fed. Cir. 2014) ("Terms generally carry their ordinary and customary meaning in the relevant field at the relevant time, as shown by reliable sources such as dictionaries, but they always must be understood in the context of the whole document—in particular, the specification (along with the prosecution history, if pertinent)."). Extrinsic evidence is, however, "less significant than the intrinsic record in determining the legally operative meaning of claim language." Phillips, 415 F.3d at 1317 (internal quotation marks omitted).
II. DISPUTED TERMS
For the first time the Court can recall in any of its patent cases, the parties have failed to reach agreement as to the construction of even one initially disputed claim term.
A. "Downloadable" ('844, '926, '494)
| Finjan's Construction | Symantec's Construction |
|---|---|
| an executable application program, which isdownloaded from a source computer and runon the destination computer | mobile code that is requested by an ongoingprocess and downloaded from a source computerto a destination computer for automaticexecution |
The Court adopts Finjan's construction.
The parties' dispute concerning this term reduces to whether an explicit definition in the specification controls over a narrower definition referenced in the prosecution history. Finjan argues that the '844 Patent expressly defines the term "Downloadable" in its specification:
A Downloadable is an executable application program, which is downloaded from a source computer and run on the destination computer.'844 Patent at 1:44-47. Finjan asserts that this express definition ends the inquiry. See Edwards Lifesciences LLC v. Cook Inc., 582 F.3d 1322, 1329 (Fed. Cir. 2009) (holding that the court will adopt a definition where "the patentee acted as his own lexicographer and clearly set forth a definition of the disputed claim term in either the specification or prosecution history" (internal quotation marks omitted)).
Symantec proposes a construction drawn from the prosecution history of another Finjan patent (the '194 Patent), which predates the patents at issue in this case. According to Symantec, the examiner rejected the initial '194 Patent application over U.S. Patent No. 5,623,600 (the "Ji Patent"). The Ji Patent disclosed a virus scanner that "detect[s] . . . viruses attached to executable files." Dkt. No. 74 ("Def. Resp. Br.") at 2. Symantec directs the Court to a passage of the prosecution history in which it argues that the inventors of the '194 Patent distinguished their invention from the Ji Patent on the ground that the Ji Patent "does not teach hostile Downloadable detection," because "[a]s is well known in the art, a Downloadable is mobile code that is requested by an ongoing process, downloaded from a source computer to a destination computer for automatic execution." Id. (internal quotation marks omitted) (emphasis in original).
The Court adopts Finjan's construction, and agrees that the patentee acted as his own lexicographer in defining this term. The Court is not persuaded by Symantec's argument based on the prosecution history of the '194 patent, and finds that the cited history does not reflect a "clear and unmistakable disavowal" in any event. See Verizon Servs. Corp. v. Vonage Holdings Corp., 503 F.3d 1295, 1306 (Fed. Cir. 2007) ("To operate as a disclaimer, the statement in the prosecution history must be clear and unambiguous, and constitute a clear disavowal of scope.").
B. "Database" ('926, '494)
| Finjan's Construction | Symantec's Construction |
|---|---|
| a collection of interrelated data organizedaccording to a database schema to serve oneor more applications | Organized collection of data |
The Court adopts Finjan's construction.
When engaging in claim construction, district courts have granted "reasoned deference" to claim construction orders outside their jurisdiction that address the same term in the same patent, given the importance of uniformity in claim construction. See Visto Corp. v. Sproqit Techs., Inc., 445 F. Supp. 2d 1104, 1108 (N.D. Cal. 2006); Maurice Mitchell Innovations, L.P. v. Intel Corp., No. 2:04-CV-450, 2006 WL 1751779, at *4 (E.D. Tex. June 21, 2006), aff'd, 249 F. App'x 184 (Fed. Cir. 2007); see also Finisar Corp. v. DirecTV Grp., Inc., 523 F.3d 1323, 1329 (Fed. Cir. 2008) ("In the interest of uniformity and correctness, this court consults the claim analysis of different district courts on the identical terms in the context of the same patent.") Under this standard, the court considers the prior claim construction order for its persuasive value, while still ultimately reaching its own independent judgment. Visto, 445 F. Supp. 2d at 1108-09; Maurice Mitchell, 2006 WL 1751779, at *4; see also B-50.com, LLC v. InfoSync Servs., LLC, No. 3:10-CV-1994-D, 2012 WL 4866508, at *4 (N.D. Tex. Oct. 15, 2012) (deferring "where appropriate" to construction of same patent claim by court outside jurisdiction in furtherance of the "patent law goal of uniformity"). If anything, to the extent possible, the degree of deference should be greater where the prior claim construction order was issued in the same jurisdiction. As observed by Judge Chen, the Supreme Court has stressed the particular importance of intrajurisdictional uniformity in claim construction, see Visto, 445 F. Supp. 2d at 1107-08 (discussing Markman, 517 U.S. at 390-91), such that claim construction orders from within the jurisdiction arguably should receive greater deference than those from outside it, see id. at 1108.
In Finjan, Inc. v. Sophos, Inc., No. 14-CV-01197-WHO, 2015 WL 890621, at *2-4 (N.D. Cal. Mar. 2, 2015), Judge Orrick adopted Finjan's identical proposed construction of "database" in the same patents at issue here, on the ground that this construction reflects the patents' "context" and the "well-accepted definition of the term." While still independently weighing the arguments made by the parties here, the Court is persuaded by Judge Orrick's thorough reasoning for adopting Finjan's construction, and accepts that reasoning in toto to arrive at the same construction of "database" here. The Court's holding is also consistent with the policy favoring uniformity in claim construction to the extent possible, particularly within the same district.
C. "Means for Receiving a Downloadable" ('844)
| Finjan's Construction | Symantec's Construction |
|---|---|
| Function: receiving a DownloadableStructure: Downloadable file interceptor | Function: receiving a DownloadableStructure: indefinite |
The Court adopts Finjan's construction.
As reflected above, the parties do not dispute that this is a means-plus-function claim under section 112(f), or that the claimed function is "receiving a Downloadable." Compare Dkt. No. 72 ("Pl. Br.") at 11-12 with Def. Resp. Br. at 8-9. Instead, their dispute concerns the corresponding structure that performs that function. Compare Pl. Br. at 12-13 with Def. Resp. Br. 9-10. Symantec argues that "means for receiving a Downloadable" is indefinite because Finjan's proposed structure—a Downloadable file interceptor—is a general purpose processor or computer "programmed to perform the disclosed algorithm," Def. Resp. Br. at 9, but the '844 Patent does not disclose an algorithm for performing that function. See Noah Sys., Inc. v. Intuit Inc., 675 F.3d 1302, 1317 (Fed. Cir. 2012) ("[R]estat[ing] the function associated with the means-plus-function limitation . . . is insufficient to provide the required corresponding structure."). Finjan asserts that the specification designates the "Downloadable file interceptor" as the structure performing the "receiving a Downloadable" function, and that the Federal Circuit's decision in In re Katz Interactive Call Processing Patent Litig., 639 F.3d 1303 (Fed. Cir. 2011), requires no more.
The Court agrees that the specification of the '844 Patent designates the "Downloadable file interceptor" as the structure that performs the "receiving a Downloadable" function. "Downloadable file interceptor" is mentioned in the specification several times. Figure 5 labels a "Downloadable file interceptor" in a flow chart. The specification states that Figure 5 represents "a generic protection engine [ ], which . . . includes a Downloadable file interceptor 505 for intercepting incoming Downloadables (i.e. Downloadable files) for inspection, and a file reader . . . ." '844 Patent at 7:41-58 (emphasis added). The specification also uses the term "Downloadable file interceptor" in relation to Figure 7, described as "a flowchart illustrating a method 700 for examining a Downloadable (whether or not signed and inspected)." Id. at 9:19-22. The method 700 "begins with the Downloadable file interceptor 505 in step 705 receiving a Downloadable file." Id. at 9:22-23 (emphasis added). These passages clearly identify the "Downloadable file interceptor" as the corresponding structure.
The key question is whether, under the Katz exception, the patentee was excused from disclosing an algorithm performing the "receiving" function. Katz states that "[a]bsent a possible narrower construction of the terms 'processing,' 'receiving,' and 'storing,' discussed below, those functions can be achieved by any general purpose computer without special programming. As such, it [is] not necessary to disclose more structure than the general purpose processor that performs those functions." Katz, 639 F.3d at 1316. The Federal Circuit discussed the Katz exception at some length in EON Corp. IP Holdings LLC v. AT&T Mobility LLC, 785 F.3d 616 (Fed. Cir. 2015). The EON decision characterized the Katz exception as "narrow," and read the case to stand for the principle that "a microprocessor can serve as structure for a computer-implemented function only where the claimed function is 'coextensive' with a microprocessor itself." Id. at 621-22. EON cited "'receiving' data, 'storing' data, and 'processing' data"—the functions at issue in Katz—as "[e]xamples of such coextensive functions." Id. at 622. EON held that "[a] microprocessor or general purpose computer lends sufficient structure only to basic functions of a microprocessor," and indicated that "[a]ll other computer-implemented functions require disclosure of an algorithm." Id. at 623.
Symantec argues that the Katz exception does not apply because that decision only concerns functions that can be performed by a "general purpose computer without special programming." Def. Resp. Br. at 9-10 (citing Katz, 639 F.3d at 1316). In support of its argument, Symantec offers the opinion of Dr. Richard Ford, who contends that receiving a downloadable at a network gateway is a "non-trivial" task that does require special programing.
Receiving a Downloadable at a network gateway is a non-trivial task. I have experience developing software that performs this task. It requires that the Downloadable file interceptor parse the network protocol that is sending the downloadable. This activity needs to happen at multiple levels; for example, for the case of a file sent over HTTP, the Downloadable file interceptor would need to be able to track traffic in multiple different protocols, including HTTP, TCP, IP and ICMP. Furthermore, the system would need to act as a bridge, not only intercepting traffic, but also sending some traffic on to its destination. An additional complication is that network packets can be fragmented into smaller "chunks." These chunks need to be re-assembled in order to recover the higher-level information. The Downloadable file interceptor must also be able to deal with packets that are dropped during transmission. All this requires programming to perform these specialized tasks.Dkt. No. 74-1 ("Ford Decl.") at ¶ 43. Finjan argues that Dr. Ford's opinion is "unsupported," Dkt. No. 77 ("Pl. Reply Br.") at 7, and directs the Court to the declaration of its own expert, Dr. Nenad Medvidovic. Dr. Medvidovic opines that "[a] person of ordinary skill in the art would be able to determine the proper function and structure of this element with a reasonable certainty when the claim is read in light of the specification and prosecution history." Dkt. No. 72-1 ("Medvidovic Decl.") at ¶ 18.
The Court does not find Dr. Medvidovic's declaration relevant to the key issue under Katz. See EON, 785 F.3d at 623 ("EON also argues that a microprocessor can serve as sufficient structure for a software function if a person of ordinary skill in the art could implement the software function. This argument is meritless. In fact, we have repeatedly and unequivocally rejected this argument: a person of ordinary skill in the art plays no role whatsoever in determining whether an algorithm must be disclosed as structure for a functional claim element."). However, the Court agrees with those courts that have found that "means for receiving" functions are not indefinite when they fail to specify an algorithm. See Sophos, 2015 WL 890621, at *8-9 (holding that the '844 patent need not specify an algorithm as the corresponding structure to the simple "Receiving a Downloadable" function); Freeny v. Murphy USA Inc., No. 2:13-CV-791-RSP, 2015 WL 294102, at *37 (E.D. Tex. Jan. 21, 2015) ("means for receiving" data does not require algorithm); e-LYNXX Corp. v. Innerworkings, Inc., No. 1:10-CV-2535, 2012 WL 4484921, at *19 (M.D. Pa. Sept. 27, 2012) ("means for receiving an electronic communication" does not require disclosed algorithm). But see Porto Tech. Co. v. Cellco P'ship, No. 3:13CV265-HEH, 2013 WL 6571844, at *6-7 (E.D. Va. Dec. 13, 2013) ("means for receiving" traffic map does not fall under Katz exception).
The Court finds that the Federal Circuit's reasoning in EON supports this conclusion. EON directly reaffirmed that "receiving data" is a function coextensive with the microprocessor so as not to require disclosure of an algorithm. 785 F.3d at 622. The Court does not find anything in Dr. Ford's opinion to overcome this straightforward holding. While Dr. Ford asserts that a number of more complex operations ultimately need to occur at the network gateway, the Court agrees with Judge Orrick's conclusion in Sophos that the context of the '844 Patent establishes that "'Receiving a Downloadable' is a simple function that consists of accepting or intercepting downloaded content when it is initially downloaded and before more complex operations process the file," so as to be performable by a general purpose microprocessor. 2015 WL 890621 at *9.
D. "Means for Generating a First Downloadable Security Profile that Identifies Suspicious Code in the Received Downloadable" ('844)
| Finjan's Construction | Symantec's Construction |
|---|---|
| Function: generating a first Downloadablesecurity profile that identifies suspiciouscode in the received Downloadable | Function: generating a first Downloadablesecurity profile that identifies suspicious code inthe received Downloadable |
| Structure: content inspection engineprogrammed to perform the algorithmdisclosed at Col. 8, lines 51-60 of the '844Patent, which involves performing the stepsof examining the operations of the receivedDownloadable, comparing the operations ofthe received Downloadable to a list ofsuspicious operations or rules, and creating adata structure based on matches to suspiciousoperations or rules violations | Structure: a processor programmed to performthe algorithm disclosed at col. 5, lines 42-45 andcol. 9, lines 20-42 of U.S. Patent No. 6,092,194 |
The Court adopts the undisputed construction of the term's function and adopts in part Finjan's construction of the term's structure. Specifically, the Court construes the term's structure as "content inspection engine programmed to perform the algorithm disclosed at Col. 8, lines 51-60 of the '844 Patent."
The parties do not dispute that the function of this claim is "generating a first Downloadable security profile that identifies suspicious code in the received Downloadable." Compare Pl. Br. at 13-14 with Def. Resp. Br. at 11. And, based on the parties' supplemental briefs, there is no longer a dispute that the structure must consist of an algorithm, as required by the Federal Circuit's holding that "[a] computer-implemented means-plus-function term is limited to the corresponding structure disclosed in the specification and equivalents thereof, and the corresponding structure is the algorithm." Harris Corp. v. Ericsson Inc., 417 F.3d 1241, 1253-54 (Fed. Cir. 2005) (finding that district court erred in construing structure as a "symbol processor," because that construction did not incorporate any disclosed algorithm); see also WMS Gaming, Inc. v. Int'l Game Tech., 184 F.3d 1339, 1348 (Fed. Cir. 1999) (finding that district court erred by failing to limit the claim to the algorithm disclosed in the specification). However, the parties now offer competing identifications of the algorithm comprising the structure.
Plaintiff initially proposed to define the structure as "content inspection engine." See Pl. Br. at 13-14. The Court ordered supplemental briefing after lifting the stay, pointing out that Plaintiff's construction appeared inconsistent with the requirements of Harris Corp. and WMS Gaming. Dkt. No. 164. Plaintiff then abandoned its proposed construction and offered a new one. Dkt. No. 166 ("Pl. Add'l Supp. Br."). At oral argument on the supplemental claim construction briefs, Plaintiff's counsel could offer no explanation as to why its initial construction failed to meet the requirements of binding Federal Circuit authority that is over ten years old. The Court does not appreciate having its time wasted in this manner, and finds it unacceptable that Plaintiffs complied with plainly applicable authority only after being prompted long after the parties submitted their proposed constructions.
The Federal Circuit has explained that "[t]he usage 'algorithm' in computer systems has broad meaning, for it encompasses 'in essence a series of instructions for the computer to follow, whether in mathematical formula, or a word description of the procedure to be implemented by a suitably programmed computer." Typhoon Touch Techs., Inc. v. Dell, Inc., 659 F.3d 1376, 1384 (Fed. Cir. 2011) (citation omitted). "The specification can express the algorithm 'in any understandable terms including as a mathematical formula, in prose, or as a flow chart, or in any other manner that provides sufficient structure.'" Noah Sys., Inc., 675 F.3d at 1312 (quoting Finisar, 523 F.3d at 1340). The specification itself must adequately disclose the algorithm, and "the testimony of one of ordinary skill in the art cannot supplant the total absence of structure from the specification." Id. (internal quotation marks omitted).
The Court finds that Finjan's identification of the algorithm is correct, but declines to include its paraphrasing in the claim construction. The "content inspection engine" is mentioned many times in the patent specification. The overall function and structure of the content inspection engine is described in the summary of the invention as follows:
The inspector includes a content inspection engine that uses a set of rules to generate a Downloadable security profile corresponding to a Downloadable. The content inspection engine links the Downloadable security profile to the Downloadable. The set of rules may include a list of suspicious operations, or a list of suspicious code patterns. The first content inspection engine may link to the Downloadable a certificate that identifies the content inspection engine which created the Downloadable security profile. The system may include additional content inspection engines for generating and linking additional Downloadable security profiles to the Downloadable.'844 Patent at 2:3-14 (emphasis added). This language demonstrates that the content inspection engine performs the function of "generating a first Downloadable security profile for the received Downloadable." See id. at 2:51-52; see also id. at 2:3-5 ("[A] content inspection engine . . . uses a set of rules to generate a Downloadable security profile . . . ."). Similarly, it is clear that "[t]he content inspection engine links the Downloadable security profile to the Downloadable." Id. at 2:5-7.
Both parties contend that the '194 patent is incorporated by reference in the '844 patent, compare Pl. Add'l Supp. Br. at 3-4 with Dkt. No. 165 ("Def. Add'l Supp. Br.") at 4-5, and both sides refer to column 9, lines 24-28 and 34-42 of the '194 patent in their additional supplemental briefs as relevant to identifying the means for the "generating" function, compare Pl. Add'l Supp. Br. at 5 with Def. Add'l Supp. Br. at 5. But the '844 patent nowhere specifically identifies a particular section of the '194 patent as setting out the algorithm for that function. See '844 Patent at 4:59-64 (asserting that "[g]enerating a DSP and generating a Downloadable ID are described in great detail with reference to the patent application [that led to issuance of the '194 Patent], which has been incorporated by reference above," but failing to cite any particular section of the application containing this "great detail"); compare Advanced Display Sys., Inc. v. Kent State Univ., 212 F.3d 1272, 1282 (Fed. Cir. 2000) ("To incorporate material by reference, the host document must identify with detailed particularity what specific material it incorporates and clearly indicate where that material is found in the various documents."). The parties' dispute thus appears to come down to whether the identified sections of the '194 patent are themselves the algorithm, or whether instead the narrative summary of steps described in the '844 patent is sufficient on its own to supply the required algorithm.
Confronted with a hodgepodge of vague and cryptically-drafted cross-references, the Court takes the simplest tack and finds the algorithm to be the series of steps set out in the '844 patent at 8:51-60, which describe in narrative form how to "generat[e] a DSP." Specifically, that portion of the '844 patent states as follows:
As stated above, generating a DSP includes examining the Downloadable 205 (and the Downloadable components) for all suspicious operations that will or may be performed by the Downloadable, all suspicious code patterns, all known viruses, etc. Generating a DSP may include comparing all operations that will or may be performed against a list of suspicious operations or against a list of rules, e.g., a rules base 165. Accordingly, if an operation in the Downloadable 205 matches one of the suspicious operations or violates one of the rules, then the operation is listed in the DSP 215.'844 patent at 8:51-60. This narrative algorithm is similar to ones that have been found by the Federal Circuit to disclose sufficient structure. See Typhoon Touch, 659 F.3d at 1385-86 (four-step algorithm for "computer-implemented cross-referencing" disclosed sufficient structure, where algorithm consisted of entry of a response, search for entered response in a library of responses, determination of whether a match existed, and execution of an action if match existed); Noah Sys., 675 F.3d at 1313 (algorithm for "means for providing access" was sufficiently disclosed where specification provided that authorized agents were provided with passcodes and could not enter, delete, review, adjust or process data inputs within master ledger unless passcode was verified). The Court declines to further paraphrase the algorithm as suggested by Finjan. // // //
E. "Means for Linking the First Downloadable Security Profile to the Downloadable Before a Web Server Makes the Downloadable Available to Web Clients" ('844)
| Finjan's Construction | Symantec's Construction |
|---|---|
| Function: linking the first Downloadablesecurity profile to the Downloadable before aweb server makes the Downloadableavailable to web clients | Function: linking the first Downloadablesecurity profile to the Downloadable before aweb server makes the Downloadable availableto web clients |
| Structure: content inspection engineprogrammed to perform the algorithmdisclosed at col. 6, lines 20-24 of the '844Patent, which involves performing the stepof associating the Downloadable with aDownloadable security profile | Structure: a processor programmed to performthe algorithm of steps 630 and 645 disclosed atFig. 6, col. 8 lines 65-67, col. 6, lines 13-24, andcol. 5, lines 3-13 |
The Court adopts the undisputed construction of the term's function, but accepts neither party's construction of the term's structure. Instead, the Court adopts the following construction of the term's structure: "content inspection engine programmed to perform the algorithm of step 630 disclosed at Fig. 6; col. 8, lines 65-67; and col. 6, lines 13-24."
Again, the parties agree that the function for this term is "linking the first Downloadable security profile to the Downloadable before a web server makes the Downloadable available to web clients," but they differ in identifying the algorithm that performs this function.
As with the "generating" function, the '844 patent makes clear that the content inspection engine also performs the "linking" function. '844 Patent at 2:5-7 ("The content inspection engine links the Downloadable security profile to the Downloadable"). Finjan contends that the section of the '844 patent it identifies describes a "single step algorithm" for the "linking" function. Pl. Add'l Supp. Br. at 7. Symantec argues that the algorithm is an amalgam of three separate sections of the patent plus Figure 6. Def. Resp. Br. at 13-14; Def. Add'l Supp. Br. at 5-6.
The parties have one relatively superficial dispute and one more significant dispute. First, Symantec cites the same language as Finjan regarding the "means for linking" portion of the claim, but adds a few additional sentences and a reference to Figure 6 (the figure discussed in the section of text it adds). Compare Pl. Add'l Supp. Br. at 6-7 (identifying Column 6, lines 20-24 as the algorithm) with Def. Add'l Supp. Br. at 5-6 (identifying part of the algorithm as Column 6, lines 20-24; but also adding Column 6, lines 13-20; Column 8, lines 65-67; Column 5, lines 3-13; and Figure 6). Second, and more substantively, Symantec asserts that "[t]he claimed function requires two events to occur, 'linking the first Downloadable security profile' and 'a web server mak[ing] the Downloadable available to web clients." Def. Resp. Br. at 13; Def. Add'l Supp. Br. at 5-6. Finjan disagrees that the claim includes two separate functions or events. Pl. Reply Br. at 9.
As to the first dispute, the Court has some doubt that either party has sufficiently identified any algorithm that performs the "means for linking" function. Finjan's asserted "single-step algorithm" is a section of the specification explaining that "[t]he term 'linking' herein will be used to indicate an association between the Downloadable 205 and the DSP 215 (including using a pointer from the Downloadable 195 to the DSP 215, attaching the DSP 215 to the Downloadable 205, etc.)." '844 Patent at 6:20-24. But that language appears to simply restate the function "linking the first Downloadable security profile to the Downloadable" rather than providing an algorithm for how that function is accomplished, an approach the Federal Circuit has found to be insufficient. See Aristocrat Techs. Australia Pty Ltd. v. Int'l Game Tech., 521 F.3d 1328, 1334 (Fed. Cir. 2008) (specification did not contain an algorithm sufficient to disclose structure, when language identified by plaintiff "simply describe[d] the function to be performed, not the algorithm by which it is performed").
Symantec's proposed algorithm, however, adds little detail on this point. Spliced together, the sections of the specification that Symantec claims identify the algorithm would read:
The content inspection engine 160 in step 630 attaches the DSP 215 and the Dowloadable ID 220 to the Downloadable archive file, i.e., to the signed Downloadable. Although the signed inspected Downloadable 195 illustrates the DSP 215 (and Downloadable ID 220) as an attachment, one skilled in the art will recognize that the DSP 215 can be linked to the Downloadable 205 using other techniques. For example, the DSP 215 can be stored in the network system 100, and alternatively a pointer to the DSP 215 can be attached to the signed inspected Downloadable 195. The term 'linking' herein will be used to indicate an association between the Downloadable 205 and the DSP 215 (including using a pointer from the Downloadable 195 to the DSP 215, attaching the DSP 215 to the Downloadable 205, etc.).'844 Patent at 8:65-67, 6:14-24. This slightly expanded language also does not appear to the Court to be an algorithm that specifies how the function will be performed. However, because neither party argues that the function is indefinite for lack of an algorithm, and because both constructions cover the same concept, the Court adopts Symantec's identified sections of the specification that set out the slightly fuller narrative above, as well as the reference to Step 630 of Figure 6.
The Court rejects Symantec's argument that additional language must be included because the function "requires two events to occur." On their face, the claims describe linking that occurs "before a web server makes the Downloadable available to web clients." See, e.g., '844 Patent at 11:19-21 (claim 1). It does not say that the Dowloadable then must actually be made available as a part of this function: it only says that the linking has to occur before the Downloadable has been made available. To the contrary, the specification explains that the point of the invention is to "block" Downloadables containing "suspicious operations," '844 Patent at 2:65-3:2, with the consequence that blocked Downloadables are not made available at all. See Dkt. No. 151-1 ("Medvidovic Supp. Decl.") at ¶ 13 (explaining that "[e]ffectively, . . . the Downloadable is blocked or prevented from reaching the web client"). Symantec's bracketed change of "makes" to "mak[ing]" thus mischaracterizes the nature of the claims. For that reason, this case is fundamentally unlike Noah Systems, the sole case upon which Symantec relies, because the claim in that case clearly described two separate actions. See 675 F.3d at 1313-14 (finding that two functions were recited in claim describing function of " providing access to the file . . . for the first entity . . . so that the first entity . . . can perform one or more of the activities selected from the group consisting of entering, deleting, reviewing, adjusting and processing the data inputs") (italicized emphasis in original; bold emphasis added). Accordingly, the Court will not include Symantec's language focused on how a Download is made available to a web client in construing the algorithm for this function. // // //
The Court construes the phrase "before a web server makes the Downloadable available to web clients" below. --------
F. "Protecting a Computer from Dynamically Generated Malicious Content" ('289, '154)
| Finjan's Construction | Symantec's Construction |
|---|---|
| No construction necessary of preamble. Ifconstrued, plain and ordinary meaning shouldapply | Preamble is limiting. Protecting a computerfrom malicious content that is generated atrun-time |
The Court agrees with Finjan that the preamble is not limiting, and need not be construed.
The parties disagree whether the preamble to many of the independent claims in the '289 and '154 Patents limits those claims and, if so, what that limitation provides. The Federal Circuit has explained that:
A preamble is generally construed to be limiting if it recites essential structure or steps, or if it is necessary to give life, meaning, and vitality to the claim. For example, the preamble may be construed as limiting when it recites particular structure or steps that are highlighted as important by the specification. Additionally, when limitations in the body of the claim rely upon and derive antecedent basis from the preamble, then the preamble may act as a necessary component of the claimed invention.Proveris Sci. Corp. v. Innovasystems, Inc., 739 F.3d 1367, 1372 (Fed. Cir. 2014) (internal quotation marks, brackets, and citations omitted).
The titles of the '289 and '154 Patents explicitly reference dynamically generated malicious content. See '289 and '154 Patents at Title ("System and Method for Inspection Dynamically Generate Executable Code"). Moreover, the specifications of the patents contain a number of references to the fact that the invention is directed towards the inspection of "dynamically generated" content. For example, the first sentence of the "Detailed Description" of both the '289 and '154 Patents identifies the invention as "concern[ing] systems and methods for protecting computers from dynamically generated malicious code." See '289 Patent at 8:48-50; '154 Patent at 8:38-40.
There is, however, countervailing evidence that the inventions are not so narrowly limited. The first paragraph of the "Summary of the Description" of both the '289 and '154 Patents discloses that the behavioral analysis implemented by the patents affords protection against both dynamic and static computer viruses:
The present invention concerns systems and methods for
implementing new behavioral analysis technology. The new behavioral analysis technology affords protection against dynamically generated malicious code, in addition to conventional computer viruses that are statically generated.'289 Patent at 4:37-41 (emphasis added); '154 Patent at 4:30-34 (emphasis added). A sentence towards the end of the "Detailed Description" repeats the express assertion that the inventions protect against statically generated malicious code. See '289 Patent at 17:38-41 ("Having read the above disclosure, it will be appreciated by those skilled in the art that the present invention can be used to provide protection to computers against both statically and dynamically generated malicious code.") (emphasis added)); '154 Patent at 17:8-11 (same).
The Court finds that the specification discloses that the inventions apply to both statically and dynamically generated content. Far from "highlight[ing]" that its application to dynamically generated content is an "important" structure or step, see Proveris, 739 F.3d at 1372, the specification expressly states that the inventions may also be used to protect against other kinds of content. The patents understandably focus on the inventions' application to dynamically generated malicious code (i.e., the new type of virus that is "generated only at run-time, thus thwarting conventional reactive analysis and conventional gateway level protective behavioral analysis[,]" '289 Patent at 3:34-37), because that is the novel "problem" that the inventions claim to be uniquely situated to address. But the language of the patents does not support Symantec's claim that the preamble is limiting: although the patents discuss the inventions' application to this new type of virus, they expressly claim that the inventions also afford protection against statically generated content.
Accordingly, the Court finds that the "dynamically generated malicious content" preamble is not limiting, and need not be construed. The preamble does not "recite[ ] essential structure or steps," and is not "necessary to give life, meaning, and vitality to the claim." Proveris, 739 F.3d at 1372 (internal quotation marks omitted).
G. "Content Processor" ('289, '154)
| Finjan's Construction | Symantec's Construction |
|---|---|
| No construction necessary—Plain and ordinarymeaning | software that renders the content forinteractive viewing on a display monitor |
The Court adopts Finjan's construction.
"Content processor" appears in claim 10 of the '289 Patent and claims 1 and 6 of the '154 Patent. Finjan argues that no construction of the term is necessary and that the plain and ordinary meaning should apply, i.e., a processor that processes content. Pl. Br. at 18-19. Symantec argues that there is no well-known meaning of the term "content processor" and that the Court should construe the term in light of its specification, which Symantec argues defines the term as "software that renders content for interactive viewing on a display monitor." Def. Resp. Br. at 17-18.
The parties' dispute boils down to whether the italicized phrase in the statement "[c]lient computer 110 includes a content processor 170, such as a conventional web browser, which processes Internet content and renders it for interactive viewing on a display monitor" is limiting. Patent '289 at 2:64-67 (emphasis added). Finjan argues that the italicized language is a characteristic of a web browser; Symantec argues that it is a characteristic of all content processors. In support of its argument, Symantec offers a lesson on comma placement. It argues that Finjan misreads the sentence because "[t]he placement of a comma after 'web browser' indicates that 'web browser' is an example of a 'content processor,'" and contends that "[h]ad the inventors actually intended to state that a 'web browser which processes Internet content' were an example of a content processor, the inventors would have omitted the second comma." Def. Resp. Br. at 18.
While Symantec's analysis might have some force in a vacuum, the remainder of the specification militates strongly against Symantec's reading. The specification contains numerous references to a content processor processing content without any reference to the "interactive viewing" component proposed by Symantec. See, e.g., Patent '289 at 5:57-59 ("[A] content processor for processing the modified content, and for invoking the original function only if the indicator indicates that such invocation is safe[.]"); id. at 7:31-35 ("[A] content processor (i) for processing content received over a network, the content including a call to a first function, and the call including an input, and (ii) for invoking a second function with the input, only if a security computer indicates that such invocation is safe[.]"); id. at 13:23-25 ("[W]hen content processor 270 resumes processing, it adds the modified input into the HTML page."); id. at 16:15-19 ("Content processor 470 processes the modified content and, while processing the modified content, if it encounters a substitute function call it sends the function's input to inspector 475 for inspection, and suspends processing of the modified content.") In fact, some portions of the specification cite a web browser as an example of a content processor without the limitation that either it (or content processors generally) render content for "interactive viewing on a display monitor." See id. at 15:64-67 ("Client computer 410 includes a content processor 470, such as a web browser, which processes content received from the network."); id. at 11:15-17 ("Content processor 270 processes the modified content generated by content modifier 265. Content processor may be a web browser running on client computer 210.").
The Court will not cherry-pick a limiting definition from one sentence of the specification in light of this overwhelming contradictory evidence. When the specification and claims are read as a whole, the Court finds that a person of ordinary skill in the art would not interpret the term "content processor" to mean software that necessarily includes the ability to render content for interactive viewing on a display monitor. That capability is not referenced in the claims anywhere, and it exists in only one sentence of the specification. Even that singular reference in the specification is (at best for Symantec) ambiguous concerning whether the limiting language applies to a content processor or a web browser. When viewed in context—and regardless of the comma placement—the "interactive viewing on a display monitor" restriction is more appropriately read as applying to a web browser, which is merely one example of a content processor.
Accordingly, the Court finds that "content processor" should be given its plain and ordinary meaning, and further finds that the plain and ordinary meaning of this term does not include the limitation "software that renders the content for interactive viewing on a display monitor." See Finjan, Inc. v. Secure Comput'g Corp., 626 F.3d 1197, 1207 (Fed. Cir. 2010) (plain and ordinary meaning construction satisfied the requirements of O2 Micro where district court rejected defendant's proposed construction as improperly narrow, and precluded defendant from reconstruing the term at trial through its expert); see also Eon CorpIP Holdings LLC v. Aruba Networks Inc, 62 F. Supp. 3d 942, 953 (N.D. Cal. 2014) ("If the Court agrees with a party that a term needs no construction, the Court is holding as a matter of law that the limitations proposed by the other party do not inhere in the term, and the parties will not be able to argue for such a limitation to a jury.").
H. "Inspection[s]" ('289, '154)
| Finjan's Construction | Symantec's Construction |
|---|---|
| No construction necessary—Plain and ordinarymeaning | scanning for the presence of potentiallymalicious operations |
The Court adopts Finjan's construction.
Both the '289 and '154 Patents repeatedly refer to an "inspection" or "inspections" performed on an input by a security computer. Finjan argues that both a person of ordinary skill in the art and a layperson would understand inspection according to its plain and ordinary meaning, and that the Court need not construe the term. Pl. Br. at 23-24. Symantec argues that the term must be limited to the type of behavioral analysis inspection that it claims is the subject of the inventions. Def. Resp. Br. at 18-20.
Symantec directs the Court to several passages in the patents that suggest that the claimed inventions are limited to behavioral analysis. See, e.g., '289 Patent at 4:37-38 ("The present invention concerns systems and methods for implementing new behavioral analysis technology."); id. at 1:56-59 (comparing conventional "reactive" anti-virus applications based on databases of known virus signatures to "proactive" anti-virus protection that "uses . . . 'behavioral analysis' to analyze computer content for the presence of viruses"). The patents describe behavioral analysis as "automatically scan[ning] and pars[ing] executable content, in order to detect which computer operations the content may perform." Id. at 1:59-61. Accordingly, Symantec argues that the term "inspection" as used in the patents must be limited to that "scanning" function, which it argues is supported by the embodiments of the patent. See id. at 11:35-36 ("Generally, input inspector 275 scans the input to determine the potentially malicious operations that it may perform[.]"); id. at 12:40-43 ("This string is then analyzed by input inspector 275, which . . . scans the JavaScript to determine any potentially malicious operations it includes." (emphasis in original)); id. at 14:59-61 ("At step 356 the security computer scans the input . . . for the presence of potentially malicious operations."); id. at 16:20-21 ("[I]nput inspector 475 analyzes the modified input for the presence of potentially malicious operations.").
In response, Finjan posits that none of these sentences amount to a clear disavowal in the intrinsic record, which it argues is required for the Court to deviate from plain and ordinary meaning. See Aventis Pharm. Inc. v. Amino Chemicals Ltd., 715 F.3d 1363, 1373 (Fed. Cir. 2013) ("The written description and other parts of the specification . . . cannot be used to narrow a claim term to deviate from the plain and ordinary meaning unless the inventor acted as his own lexicographer or intentionally disclaimed or disavowed claim scope."). Finjan also points to a passage of the specification suggesting that the invention applies to both traditional and behavioral analysis: "[s]uch dynamically generated malicious code cannot be detected by a conventional reactive content inspection and conventional gateway level behavioral analysis content inspection." '289 Patent at 4:4-7. Finally, Finjan directs the Court to an embodiment that contemplates inspection by both the traditional reactive method and through the newer behavioral analysis: "a content inspector 174 which may be reactive or proactive, or a combination of reactive and proactive." Id. at 3:3-5.
The Court thus finds that "inspection(s)" should be given its plain and ordinary meaning, and further finds that the plain and ordinary meaning of this term does not include the limitation "scanning for the presence of potentially malicious operations." See Finjan, Inc. v. Secure Comput'g Corp., 626 F.3d at 1207.
I. "Dynamically Updat[e/es/ing] the Combined Search and Security Results Summary" ('299) and "Dynamically Updating the Presentation when Additional Security Assessments are Received" ('182)
| Finjan's Construction | Symantec's Construction |
|---|---|
| No construction necessary—Plain andordinary meaning | updating without user intervention the presentedsearch results and assessments of potentialsecurity risks to present additional assessmentsof potential security risks after additionalassessments of potential security risks arereceived |
| Finjan's Construction | Symantec's Construction |
| No construction necessary—Plain andordinary meaning | updating without user intervention thepresentation of the search results summary and aportion of the security assessments to presentadditional security assessments when additionalsecurity assessments are received |
The Court adopts Finjan's construction.
The supplemental briefing as to these terms presents two questions: (1) whether the terms need to be construed at all, or should be given their plain and ordinary meaning; and (2) whether Symantec's "without user intervention" limitation is required based on a disclaimer by Finjan during the IPR proceedings for the '299 and '182 patents.
1. These terms should be given their plain and ordinary meaning, and that meaning is not limited in the manner Symantec suggests.
At the claim construction hearing, counsel for Symantec argued that "our proposed constructions are the plain and ordinary meaning." Dkt. No. 97 at 107:9-11. The Court disagrees.
As Finjan points out, most of the language offered by Symantec is already included in the claim language that follows the term "dynamically updating," as is evident from claim 1:
dynamically generating a combined search and security results summary comprising:'299 Patent at 13:4-14 (emphasis added). The same is true of claim 21:
presenting the [sic] at least a portion of the identified web content, subsequent to said generating a search results summary and prior to completion of said receiving from the content scanner;
dynamically updating the combined search and security results summary, comprising presenting potential security risks of the presented web content, after the assessments of potential security risks are received from the content scanner[.]
dynamically generating a combined search and security results summary comprising:Id. at 16:4-12.
presenting the [sic] at least a portion of the identified web content, prior to completion of said receiving from the content scanner;
dynamically updating the combined search and security results summary, by presenting potential security risks of the presented web content, after the assessments of potential security risks are received[.]
The Court finds that the claims provide a definition of the "dynamically updating" terms that is consistent with the specification. Further, because the language Symantec seeks to add already appears in some but not all of the claims, it should not be read into every claim. See Karlin Tech., Inc. v. Surgical Dynamics, Inc., 177 F.3d 968, 971-72 (Fed. Cir. 1999). Finally, the Court finds that Symantec has not shown that any argument made by the inventors during prosecution requires construction of the claim as they propose.
2. There was no clear and unmistakable disavowal of scope in the IPR proceeding.
Symantec further argues that during the IPR proceedings for the '299 and '184 patents, "Finjan disclaimed subject matter where the 'dynamically updating . . .' step is performed through user intervention." Dkt. No. 154 ("Def. Supp. Resp. Br.") at 11 (ellipsis in original). Symantec bases this argument on two statements made by Finjan in the IPR proceedings:
• "Rowan simply gives the user an opportunity to check a site's trustworthiness manually at a later time based on a trustworthiness report, not a presentation that is dynamically updated when additional security assessments are received." Id. Ex. 8 ('182 Patent Owner Preliminary Response) at 18.
• "Rowan simply gives the user an opportunity to check a site manually at a later time, not that a combined search and security results summary is dynamically updated when additional security assessments are received." Id. Ex. 9 ('299 Patent Owner Preliminary Response) at 19.
According to Symantec, the PTAB "specifically adopted Finjan's arguments" in its IPR decisions:
• "Although the trustworthiness report may be retrieved afterwards, Petitioner does not point out how Rowan's system 'updates' the display absent user intervention." Id. Ex. 10 ('182 Patent IPR Decision) at 13-14.
• "Although Rowan teaches that a new trustworthiness report may be retrieved by a user at some unspecified future time, we are not persuaded that such user intervention meets the 'presenting' aspect of limitation [H]." Id. Ex. 11 ('299 IPR Decision) at 17 (brackets in original).
Finjan contends that it never used the phrase "without user intervention" in the IPR proceeding, meaning that there was no unmistakable disavowal of scope as Symantec argues. Dkt. No. 159 ("Pl. Supp. Reply Br.") at 5.
The Court agrees with Finjan that there was no "'clear and unambiguous disavowal of claim scope'" here, even recognizing that "applicants rarely submit affirmative disclaimers along the lines of 'I hereby disclaim the following . . .' during prosecution and need not do so to meet the applicable standard." Saffran v. Johnson & Johnson, 712 F.3d 549, 559 (Fed. Cir. 2013) (citation omitted) (ellipsis in original). Given that in the IPR proceeding Finjan never used the phrasing that Symantec now seeks to insert into the claim construction to define the invention, the Court cannot find a clear and unambiguous disavowal. Cf. id. at 559 (patentee's unqualified assertion during prosecution that "the device used is a sheet" limited the device to a continuous sheet). Ultimately, the ALJs based their conclusions on Symantec's failure to adequately support its contentions. See Dkt. No. 154-11 at 14 ("In other words, the Petition states in a conclusory fashion that 'once Rowan's service locates the site, it will dynamically update the presentation to the user. The cited paragraph in the Jha Declaration does not elaborate on this point. Nor do we find that Dr. Jha has supported this bare assertion with factual support. Consequently, we agree with Patent Owner that the Petition lacks sufficient factual support for the contention that Rowan in view of Bates teaches the dynamically updating limitation." (citation omitted)); Dkt. No. 154-12 at 18 (reaching similar finding).
The Court thus finds that the "dynamically update/updating" terms should be given their plain and ordinary meaning, and further finds that the plain and ordinary meaning of these terms does not include the limitations asserted by Symantec. See Finjan, Inc. v. Secure Comput'g Corp., 626 F.3d at 1207.
J. "Non-HTTP Management Data" ('996)
| Finjan's Construction | Symantec's Construction |
|---|---|
| No construction necessary—Plain andordinary meaning | management data that the management servertransmits and receives using a non-HTTPtransport protocol |
The Court adopts Finjan's construction.
The term "non-http management data" is used in every claim of the '996 Patent. Finjan argues that no construction of the term is necessary because a person skilled in the art would recognize its plain and ordinary meaning as "management data that is not HTTP." Pl. Reply Br. at 14. Symantec argues that the term should be construed in light of the specification, which Symantec claims uses the term "non-HTTP management data" to mean "management data that the management server transmits and receives using a non-HTTP transport protocol." Def. Resp. Br. at 24.
There are several problems with Symantec's proposed construction. As an initial matter—despite appearing in quotation marks in Symantec's brief—the language it proposes does not appear anywhere in the '996 Patent. It appears to draw the requirement that the non-HTTP management data be transmitted and received using "non-HTTP transport protocol" from lines 50-52 of column 3. See '996 Patent at 3:50-52 ("Data traffic between management server 150 and clients 105, 110, 115 and 120 typically is formatted using a proprietary non-HTTP transport protocol."). This is the only time "non-HTTP transport protocol" appears in the specification. But, even setting Symantec's misquotation issue aside, the sentence from which Symantec draws the "transport protocol" language appears in a paragraph discussing prior art. See id. at 3:4-65 (discussing the prior art system shown in Figure 1 of the patent). In other words, Symantec seeks to define the term based on the characteristics of a completely different invention.
The Court thus finds that "non-HTTP management data" should be given its plain and ordinary meaning, and further finds that the plain and ordinary meaning of this term does not include the limitation "management data that the management server transmits and receives using a non-HTTP transport protocol." See Finjan, Inc. v. Secure Comput'g Corp., 626 F.3d at 1207.
K. "Before a Web Server Makes the Downloadable Available to Web Clients" ('844)
| Finjan's Construction | Symantec's Construction |
|---|---|
| No construction necessary—Plain andordinary meaning | "before a web server deploys the Downloadableso that web clients can access theDownloadable" where "web client" means "anyapplication program that accesses web page dataon a web server" |
The Court adopts a plain and ordinary meaning construction with additional detail.
The parties' new dispute regarding this phrase has two elements: (1) whether the term "before a web server makes the downloadable available" means that the downloadable must be "deployed"; and (2) whether "web client" is a term that must be construed. The parties invite the Court to take a long and convoluted journey not only through the '844 Patent, but through several years of litigation maneuvering in other cases involving that patent. In the interest of getting the parties as prompt an answer as possible and moving this litigation toward resolution, the Court addresses the parties' complicated contentions as briefly as it can.
1. The Court rejects Symantec's proposed "deployment" limitation as inconsistent with the intrinsic record.
The specification of the '844 Patent makes clear that the fundamental purpose of the described invention is "protecting a network from suspicious Downloadables." '844 patent at 1:62-63. The invention accomplishes this by "examin[ing] the Downloadable code to determine whether the code contains any suspicious operations, and thus may allow or block the Downloadable accordingly." Id. at 2:65-3:2. See also Medvidovic Supp. Decl. at ¶ 13 ("[T]he Downloadable is inspected for malicious content before it is allowed to be executed by the clients, i.e., made available to web clients. Effectively, this means that the Downloadable is blocked or prevented from reaching the web client.").
Symantec argues that "before a web server makes the Downloadable available to web clients" should be construed to mean "before a web server deploys the Downloadable so that web clients can access the Downloadable." The word "deploy" or "deployment" appears three times in the '844 patent: in step 645 of Figure 6 ("Forward the signed inspected downloadable to the web server for deployment"); at column 5, lines 3-6 ("The inspector 125 then transmits the signed inspected Downloadable to the web server 185 for addition to web page data 190 and web page deployment"); and at column 9, lines 11-18 ("If the inspector 125 determines in step 640 that no more content inspection is to be effected, then the inspector 125 forwards the signed inspected Downloadable 195 to the web server 185 for addition to web page data 190 and web engine deployment. Accordingly, the web client 175 can access the web page data 190, and thus can retrieve the signed inspected Downloadable 195.").
Finjan responds that Symantec's construction would exclude preferred embodiments, or read limitations from described embodiments into the claims. Def. Supp. Resp. Br. at 5-6. Symantec counters that "there are claims asserted against Symantec (e.g. claims 1, 15, 41 and 43) that cover the 'inspector' embodiments of the '844 patent, and there are claims not asserted against Symantec (e.g. claims 22, 23, 32 and 44) that cover the 'network gateway' embodiments of the '844 patent." Def. Supp. Resp. Br. at 5 (emphasis in original). According to Symantec, "the embodiments that Finjan contends Symantec's construction excludes are actually directed to the gateway rather than by [sic] the inspector, and are covered by other non-asserted claims." Id. at 6. Symantec cites Federal Circuit authority for the principle that not all claims must be construed to cover all embodiments, and contends the fact "[t]hat the '844 patent includes unasserted 'gateway' claims is 'probative evidence' that the asserted 'inspector' claims are not intended to cover the 'gateway' embodiment." Id. (citing Sinorgchem Co., Shandong v. Int'l Trade Comm'n, 511 F.3d 1132, 1138 (Fed. Cir. 2007) and PSN Illinois, LLC v. Ivoclar Vivadent, Inc., 525 F.3d 1159, 1166 (Fed. Cir. 2008)). In response, Finjan argues that the patent "does not limit an inspector to 'linking' before a web server 'deploys the Downloadable[,]'" but rather "describes an inspector in terms that could allow it to be at multiple locations in a network architecture, including at the gateway." Pl. Supp. Reply Br. at 1-2.
While the parties' arguments on this point strike the Court as extraordinarily complicated, the Court agrees that the intrinsic record does not support the "deployment" limitation urged by Symantec. Symantec characterizes the embodiment described in Figure 7 and at cited sections of columns 7 and 9 as the "gateway embodiment." Def. Supp. Resp. Br. at 6-7. But the sections of the specification and the figure cited do not make this characterization, or even use the word "gateway." And while the specification does discuss the "protection engine 500, which exemplifies . . . the network protection engine 135," '844 patent at 7:41-44, and Figure 1 in turn shows the network protection engine as part of the gateway, id. at Fig. 1, the specification read as a whole does not support Symantec's assertion that "[t]he unasserted 'gateway' claims are directed to this [purported gateway] embodiment" while "[t]he asserted 'inspector' claims are not," Def. Supp. Resp. Br. at 7.
The Court thus finds that construing the term to require "deployment" would improperly exclude preferred embodiments from the claims, see Accent Packaging, Inc. v. Leggett & Platt, Inc., 707 F.3d 1318, 1326 (Fed. Cir. 2013), or import limitations from the specifications into the claims, see Epos Techs. Ltd. v. Pegasus Techs. Ltd., 766 F.3d 1338, 1343-44 (Fed. Cir. 2014). The Court further finds that this is not a circumstance in which it may properly interpret the asserted claims to exclude what Symantec characterizes as the "gateway embodiment," because that embodiment is not "inconsistent with unambiguous language in the patent's specification or prosecution history." Sinorgchem, 511 F.3d at 1138.
Finally, the Court finds that nothing in the prosecution history regarding the patentee's distinction of the Ji prior art requires the inclusion of Symantec's "deployment" language. Symantec cites the patentee's representation that "in Ji, 'the burden of examining Downloadable for the suspicious code is always on the network gateway,' whereas '[i]n Applicant's system, some of the burden may be transferred to the inspector.'" Def. Supp. Resp. Br. at 8 (brackets in original) (emphasis added) (quoting from '844 patent file history). The Court does not read this language to establish Symantec's apparent point that an inspector by definition can never be at the gateway, or to amount to a clear and unmistakable disavowal of claim scope so as to require adoption of Symantec's construction. SAS Inst., Inc. v. ComplementSoft, LLC., 825 F.3d 1341, 1349 (Fed. Cir. 2016) ("Where the alleged disavowal is ambiguous, or even amenable to multiple reasonable interpretations, we have declined to find prosecution disclaimer." (internal quotation marks and citation omitted)).
2. "Web client" will be given its plain and ordinary meaning, which the Court determines based on the totality of the record.
The Court finds that Symantec's proposed construction of "web client" is unwarranted. To the extent "any" application program could include programs necessary to implement the inspector's review of potentially malicious Downloadables, or the inspector itself, that would be inconsistent with the purpose of the invention, which is to ensure that "web clients" can only access web content once it is determined to be safe. See '844 Patent at 9:16-17 (after inspector forwards signed inspected Downloadable to the web server, "the web client 175 can access the web page data 190 and thus can retrieve the signed inspected downloadable 195"). The Court agrees with Finjan that, under Thorner, there is no basis for departing from plain and ordinary meaning as to this term. The Court thus finds that "web client" should be given its plain and ordinary meaning, and further finds based on the intrinsic record that the plain and ordinary meaning of this term is not "any application program that accesses web page data on a web server."
The Court further finds, however, that under these circumstances simply instructing the jury to give this term its plain and ordinary meaning is not sufficient to resolve the parties' dispute as required under O2 Micro. At oral argument on the supplemental claim construction briefs, Finjan's counsel suggested that at trial the parties could argue that an identified element of the network architecture does or does not act as a "web client" as a factual matter, without impermissibly construing the term. The Court is not persuaded. While it is often difficult to distinguish acceptable fact-based arguments directed to whether the accused products do or do not infringe from impermissible submission of claim construction issues to the jury, the Court is convinced that more guidance is required here. See EON Corp., 815 F.3d at 1319 (plain and ordinary meaning instruction was erroneous where parties actively disputed the scope of terms "portable" and "mobile": "[b]y determining only that the terms should be given their plain and ordinary meaning, the court left this question of claim scope unanswered, leaving it to the jury to decide"). Accordingly, the Court believes that it must determine the "plain and ordinary meaning" of the term "web client" in the context of the '844 patent at this stage. See, e.g., Hill-Rom Servs., Inc. v. Stryker Corp., 755 F.3d at 1375 (Fed. Cir. 2014) ("We hold that, consistent with the record evidence, the plain and ordinary meaning of datalink at the time of the patent filing would be a link that carries data in a wired or wireless fashion.").
In its claim construction briefing, Finjan relies on its expert Dr. Medvidovic in arguing that "[i]t is well known in the art that a 'web client' is the application that originates the request for a Downloadable over the Internet." Pl. Supp. Br. at 5 (citing Medvidovic Supp. Decl. ¶ 14). The cited paragraph of Dr. Medvidovic's declaration states:
I also understand the term "web clients," in the context of the '844 Patent, as clients requesting the Download [sic] from the web server and that can be protected by the inspector system that generates the profile and linking [sic] it to the Downloadable. '844 Patent, Col. 5, ll. 13-22. As understood in reading the '844 Patent, these "web clients" can also be considered the "end users" of the inspector system, another plain and ordinary meaning of this claim element. These "web clients" are shown in FIG. 1 of the '844 Patent, where they are the user computer protected by the inspector system. This
is [sic] understanding is consistent with the description provided in the specification of the '844 Patent.Medvidovic Supp. Decl. at ¶ 14; see also Dkt. No. 159 ("Pl. Supp. Reply Br.") at 4 ("In other words, based on the structure of the claims as written, the 'web clients' are the end users of the web server that are using the inspector for protection. However, as this understanding is already inherent in the claims as written, Finjan did not seek construction of the term."); Medvidovic Supp. Decl. at ¶ 18 ("'web clients' are applications on the end user computers that originally request Internet content").
As Symantec points out, consistent with its position as summarized above, Finjan has consistently argued in other litigation involving the '844 patent (including litigation before this Court) that "web client" means an end user's computer. See Dkt. No. 135, Ex. 2 (order denying Sophos' motion for summary judgment of noninfringement of the '844 patent, inter alia, in Finjan, Inc. v. Sophos, Inc., No. 3:14-cv-1197-WHO, Dkt. No. 205) at 39 ("[Finjan] argues that the web clients in the accused products are the end users, not the accused products themselves."); id. Ex. 3 (Finjan's supplemental claim construction brief for the term "web clients" from the '844 patent in Finjan, Inc. v. Proofpoint, Inc., No. 3:13-cv-5808-HSG, Dkt. No. 462) at 1-5 (arguing that the plain and ordinary meaning of "web client" is the "end user's computer"); id. Ex. 4 (Finjan's opposition to motion for summary judgment of noninfringement of the '844 patent, inter alia, in Finjan, Inc. v. Proofpoint, Inc., No. 3:13-cv-5808-HSG, Dkt. No. 321) at 10 ("The only logical interpretation, which is fully supported with the documentary and testimony evidence, is that the end user is the web client.").
The Court agrees with Finjan's characterizations, and further finds that to definitively avoid any claims of an O2 Micro violation at trial, it must instruct the jury as to the plain and ordinary meaning of the term "web client." The Court finds that, viewed within the context of the entire '844 Patent, and considering the intrinsic record and the proffered extrinsic evidence, the plain and ordinary meaning of "web client" for a person of ordinary skill in the art at the time the patent issued is "an application on the computer of an end user that requests a Downloadable from the web server." //
III. CONCLUSION
The Court CONSTRUES the disputed terms as follows:
| Term | Patent(s) | Construction |
|---|---|---|
| Downloadable | '844, '926,'494 | an executable application program, which isdownloaded from a source computer andrun on the destination computer |
| Database | '926, '494 | a collection of interrelated data organizedaccording to a database schema to serve oneor more applications |
| Means for Receiving a Downloadable | '844 | Function: receiving a DownloadableStructure: Downloadable file interceptor |
| Means for Generating a FirstDownloadable Security Profile thatIdentifies Suspicious Code in theReceived Downloadable | '844 | Function: generating a first Downloadablesecurity profile that identifies suspiciouscode in the received DownloadableStructure: content inspection engineprogrammed to perform the algorithmdisclosed at Col. 8, lines 51-60 of the '844Patent |
| Means for Linking the FirstDownloadable Security Profile to theDownloadable Before a Web ServerMakes the Downloadable Available toWeb Clients | '844 | Function: linking the first Downloadablesecurity profile to the Downloadable beforea web server makes the Downloadableavailable to web clientsStructure: content inspection engineprogrammed to perform the algorithm ofstep 630 disclosed at Fig. 6; col. 8, lines 65-67; and col. 6, lines 13-24 |
| Protecting a Computer fromDynamically Generated MaliciousContent | '289, '154 | No construction necessary of preamble |
| Content Processor | '289, '154 | No construction necessary—Plain andordinary meaning |
| Inspection[s] | '289, '154 | No construction necessary—Plain andordinary meaning |
| Dynamically Updat[e/es/ing] theCombined Search and Security ResultsSummary | '299 | No construction necessary—Plain andordinary meaning |
| Dynamically Updating the Presentationwhen Additional Security Assessmentsare Received | '182 | No construction necessary—Plain andordinary meaning |
| Non-HTTP Management Data | '996 | No construction necessary—Plain andordinary meaning |
| Before a Web Server Makes theDownloadable Available to WebClients | '844 | No construction necessary—Plain andordinary meaning. Plain and ordinarymeaning of "web client" is "an applicationon the computer of an end user that requestsa Downloadable from the web server." |
In addition, the Court SETS a further case management conference for February 21, 2017, at 2:00 p.m. Finally, the Court DIRECTS the parties to consult the scheduling order currently in effect for upcoming deadlines that are triggered by this claim construction order. See Dkt. No. 127.
IT IS SO ORDERED. Dated: February 10, 2017
/s/_________
HAYWOOD S. GILLIAM, JR.
United States District Judge