From Casetext: Smarter Legal Research

Finjan, Inc. v. Bitdefender Inc.

UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA
Feb 14, 2019
Case No. 17-cv-04790-HSG (N.D. Cal. Feb. 14, 2019)

Opinion

Case No. 17-cv-04790-HSG

02-14-2019

FINJAN, INC., Plaintiff, v. BITDEFENDER INC., et al., Defendants.


CLAIM CONSTRUCTION ORDER

On August 16, 2017, Plaintiff Finjan Inc. ("Finjan") filed this patent infringement action against Defendants Bitdefender Inc. and Bitdefender S.R.L. (collectively, "Bitdefender"). Dkt. No. 1 ("Compl."). The parties now seek construction of ten terms found in four patents: Patent Nos. 6,804,780 ("the '780 Patent"), 7,930,299 ("the '299 Patent"), 8,141,154 ("the '154 Patent"), and 8,677,494 ("the '494 Patent") (collectively, "the Asserted Patents"). See Dkt. No. 73 ("JCCS"). This order follows claim construction briefing and a claim construction hearing. See Dkt. Nos. 76 ("Op. Br."), 81 ("Resp. Br."), 84 ("Reply Br."). The parties subsequently submitted several requests for judicial notice regarding recently filed orders interpreting the Asserted Patents. See Dkt. Nos. 90, 92-94.

The Court GRANTS the requests for judicial notice. The existence and contents of those orders are "not subject to reasonable dispute" because they "can be accurately and readily determined from sources whose accuracy cannot reasonably be questioned." Fed. R. Evid. 201(b).

I. LEGAL STANDARD

Claim construction is a question of law to be determined by the Court. Markman v. Westview Instruments, Inc., 517 U.S. 370, 384 (1996). "The purpose of claim construction is to determine the meaning and scope of the patent claims asserted to be infringed." O2 Micro Int'l Ltd. v. Beyond Innovation Tech. Co., 521 F.3d 1351, 1360 (Fed. Cir. 2008) (quotation omitted).

Generally, claim terms should be "given their ordinary and customary meaning"—in other words, "the meaning that the term[s] would have to a person of ordinary skill in the art in question at the time of the invention." Phillips v. AWH Corp., 415 F.3d 1303, 1312-13 (Fed. Cir. 2005) (en banc) (quotation omitted). There are only two circumstances where a claim is not entitled to its plain and ordinary meaning: "1) when a patentee sets out a definition and acts as his own lexicographer, or 2) when the patentee disavows the full scope of a claim term either in the specification or during prosecution." Thorner v. Sony Comput. Entm't Am. LLC, 669 F.3d 1362, 1365 (Fed. Cir. 2012).

When construing claim terms, the Federal Circuit emphasizes the importance of intrinsic evidence such as the language of the claims themselves, the specification, and the prosecution history. Phillips, 415 F.3d at 1312-17. The claim language can "provide substantial guidance as to the meaning of particular claim terms," both through the context in which the claim terms are used and by considering other claims in the same patent. Id. at 1314. The specification is likewise a crucial source of information. Id. at 1315-17. Although it is improper to read limitations from the specification into the claims, the specification is "the single best guide to the meaning of a disputed term." Id. at 1315 (noting that "the specification is always highly relevant to the claim construction analysis," and that "[u]sually, it is dispositive" (quotation omitted)); see also Merck & Co. v. Teva Pharm. USA, Inc., 347 F.3d 1367, 1371 (Fed. Cir. 2003) (explaining that "claims must be construed so as to be consistent with the specification").

Despite the importance of intrinsic evidence, courts may also consider extrinsic evidence—technical dictionaries, learned treatises, expert and inventor testimony, and the like—to help construe the claims. Phillips, 415 F.3d at 1317-18. For example, dictionaries may reveal what the ordinary and customary meaning of a term would have been to a person of ordinary skill in the art at the time of the invention. Frans Nooren Afdichtingssystemen B.V. v. Stopaq Amcorr Inc., 744 F.3d 715, 722 (Fed. Cir. 2014) ("Terms generally carry their ordinary and customary meaning in the relevant field at the relevant time, as shown by reliable sources such as dictionaries, but they always must be understood in the context of the whole document—in particular, the specification (along with the prosecution history, if pertinent)."). Expert testimony can also help "to ensure that the court's understanding of the technical aspects of the patent is consistent with that of a person of skill in the art, or to establish that a particular term in the patent or the prior art has a particular meaning in the pertinent field." Phillips, 415 F.3d at 1318. Extrinsic evidence is, however, "less significant than the intrinsic record in determining the legally operative meaning of claim language." Id. at 1317 (quotation omitted).

II. AGREED TERMS

The parties agree on the construction of three terms. JCCS at 1. In light of the parties' agreement, the Court adopts the construction of these terms as set forth in the following table:

Patent

Claim Term

Agreed Construction

'494 Patent

"downloadable" [claims 1, 2, 5,6, 7, 10, 11, 14, 15, and 16]

"an executable application program,which is downloaded from a sourcecomputer and run on the destinationcomputer"

'494 Patent

"database" [claims 1, 2, 10, and11]

"a collection of interrelated dataorganized according to a databaseschema to serve one or moreapplications"

'780 Patent

"downloadable" [claims 1, 2, 5,6, 9, 13, 14, and 18]

"an executable application program,which is downloaded from a sourcecomputer and run on the destinationcomputer"

III. DISPUTED TERMS

A. "suspicious computer operations" ('494 Patent)

Finjan's Construction

Bitdefender's Construction

No construction necessary - Plain andordinary meaning. Plain and ordinarymeaning of "suspicious" is "hostile orpotentially hostile."

IndefiniteAlternatively, "a subset of all possiblecomputer operations that have been deemedsuspicious prior to their inclusion in thelist"

The Court adopts Finjan's construction, finds the plain and ordinary meaning of "suspicious" is "hostile or potentially hostile," and accordingly construes the term

"suspicious computer operations" as "hostile or potentially hostile computer operations."

The disputed term appears in independent claims 1 and 10, and dependent claims 6 and 15 of the '494 Patent. JCCS at 1. Claim 1 is representative of how the term is used in the claim language:

Claim 1

1. A computer-based method, comprising the steps of:receiving an incoming Downloadable;deriving security profile data for the Downloadable, including a list of suspiciouscomputer operations that may be attempted by the Downloadable; andstoring the Downloadable security profile data in a database.

Finjan asks the Court to give "suspicious computer operations" its plain and ordinary meaning, arguing that the plain meaning of "suspicious" in the context of the '494 Patent is "hostile or potentially hostile." Op. Br. at 3-5; Reply Br. at 1-3. Starting with the specification, Finjan notes that the '494 Patent incorporates the '780 Patent, which describes "suspicious" computer operations as "Operations Deemed Potentially Hostile." See Op. Br. at 3; see also '494 Patent, 1:28-33 (incorporating the '780 Patent by reference); '780 Patent, 3:25-28 ("It is to be understood that the term 'suspicious' includes hostile, potentially hostile, undesirable, potentially undesirable, etc."). Finjan further notes that the '780 Patent discloses several examples of potentially hostile computer operations. See Op. Br. at 3; see also '780 Patent, 5:55-60 ("DSP data 310 includes the list of all potentially hostile or suspicious computer operations that may be attempted by a specific Downloadable 307, and may also include the respective arguments of these operations. For example, DSP data 310 may include a READ from a specific file, a SEND to an unresolved host, etc."), 6:1-14 (providing "An Example list of Operations Deemed Potentially Hostile"). According to Finjan's expert, a person of ordinary skill in the art would, after reading the patentee's specification, understand the term to possess its plain meaning: "as computer operations that are hostile or potentially hostile." Dkt. No. 76-1 ("Medvidovic Decl.") ¶¶ 12-14.

Bitdefender and its expert argue the term is indefinite because whether a computer operation is "suspicious"—or "hostile," for that matter—"is an inherently subjective matter of opinion." Resp. Br. at 1; Dkt. No. 81-3 ("Shaefer Decl.") ¶ 17 (opining that "certain computer operations may be welcome in one environment, but unsafe in another"). In Bitdefender's view, "suspicious" is just as subjective as terms previously found indefinite by the Federal Circuit. Resp. Br. at 1-2 (citing Interval Licensing LLC v. AOL, Inc., 766 F.3d 1364, 1371-74 (Fed. Cir. 2014) (finding "in an unobtrusive manner" indefinite) and Datamize, LLC v. Plumtree Software, Inc., 417 F.3d 1342, 1350-56 (Fed. Cir. 2005) (finding "aesthetically pleasing look and feel" indefinite), abrogated by Nautilus, Inc. v. Biosig Instruments, Inc., 572 U.S. 898 (2014)). And as to Finjan's reliance on the examples of suspicious computer operations in the '780 Patent, Bitdefender responds that nonexclusive lists cannot render definite an otherwise subjective term. Id.

Bitdefender alternatively argues that, if the Court finds the term definite, the Court should construe it as "a subset of all possible computer operations that have been deemed suspicious prior to their inclusion in the list." Resp. Br. at 2. Bitdefender contends this would be consistent with the '780 Patent's list of operations that are "deemed potentially hostile," as well as representations made by Finjan to the PTAB in Symantec Corp. v. Finjan, Inc., No. IPR2015-01892, 2017 WL 1041718 (P.T.A.B. Mar. 15, 2017) ("Symantec IPR"). Id. at 2-3.

The Court first finds the term is sufficiently definite. Contrary to Bitdefender's arguments, the term "suspicious computer operations," when read in light of the specification and file history, is not facially subjective to a person of ordinary skill in the art. As Finjan notes, to suggest that a person skilled in computer security somehow cannot apply the term "suspicious computer operations" without additional guidance is untenable. See Reply Br. at 1. The Court also finds Bitdefender's purportedly comparable cases unavailing. A system displaying content in an "unobtrusive manner" or the look and feel of a kiosk screen being "aesthetically pleasing" are categorically unlike "suspicious computer operations," which a person of ordinary skill in the art of computer security would have no issue objectively applying. See Medvidovic Decl. ¶¶ 12-14. Cf. Interval Licensing LLC, 766 F.3d at 1371-74; Datamize, LLC, 417 F.3d at 1350-56.

The Court also finds that the term's plain and ordinary meaning is "hostile or potentially hostile." As Finjan notes, the '494 Patent incorporates the '780 Patent, which in turn expressly states that "suspicious" operations are "hostile or potentially hostile." Op. Br. at 3-5. And as Finjan's expert explains, a skilled artisan would view the term to carry that meaning. See Medvidovic Decl. ¶¶ 12-14; Phillips, 415 F.3d at 1312-13 (instructing courts to typically give terms their ordinary and customary meaning).

As to Bitdefender's alternative proposal, the Court does not find that Finjan's PTAB representations amounted to a disclaimer because Finjan did not directly contradict its position here. In the Symantec IPR, Finjan said, for instance, that there is "no a priori understanding of what constitutes a suspicious computer operation, but rather, some subset of all possible computer operations must first be deemed suspicious in order to derive a list of suspicious computer operations for a Downloadable." Adamson Decl. Ex. A, at 8-9 (quotations and alterations removed). But that statement does not unambiguously contradict Finjan's position here: that a skilled artisan would understand the term "suspicious computer operations" to mean "hostile or potentially hostile" when read in the context of the claims. See Reply Br. at 2-3.

Finally, the Court observes that other judicial decisions support the Court's conclusions here. See Finjan, Inc. v. Symantec Corp., No. 14-cv-02998-HSG, 2017 WL 550453, at *3 (N.D. Cal. Feb. 10, 2017) ("The court considers the prior claim construction order for its persuasive value, while still ultimately reaching its own independent judgment."). For instance, in Finjan, Inc. v. Blue Coat Systems, LLC, Judge Freeman articulated this claim term as including "potentially hostile" operations. See No. 15-cv-03295-BLF, 2016 WL 7212322, at *2 (N.D. Cal. Dec. 13, 2016) (Blue Coat II). And several other courts in this district have not found this term indefinite when considering the '494 Patent under 35 U.S.C. § 101. See Op. Br. at 4 (citing Finjan, Inc. v. Sophos, Inc., 244 F. Supp. 3d 1016, 1055-1061 (N.D. Cal. Mar. 14, 2017)). Construing U.S. Patent No. 6,092,194 ("the '194 Patent")—a parent of the '494 Patent—a federal district court in Delaware gave a plain and ordinary meaning to the term "a list of suspicious computer operations that may be attempted by the Downloadable." See Finjan, Inc. v. McAfee, Inc., No. 10-cv-00593 (GMS), 2012 WL 12905833, at *1 & n.3 (D. Del. Feb. 29, 2012) (emphasis added). In doing so, the court rejected the defendant's proposed construction of this term as "a list of all operations that may be attempted by the received Downloadable that have been determined to be suspicious." See id. at *1 n.3. The court found that Finjan had not "disavowed the plain and ordinary meaning of this term through its patent specification and prosecution history to distinguish it from the prior art." Id. Most recently, in Finjan, Inc. v. Juniper Network, Inc., Judge Alsup rejected an argument that "suspicious computer operations" was indefinite for being subjective—the very argument Bitdefender now advances. See No. C 17-05659 WHA, 2018 WL 4184338, at *6 (N.D. Cal. Aug. 31, 2018) (Juniper).

Judge Alsup also construed "list of" in "list of suspicious computer operations," and construed that term as a whole to be "list of computer operations in a received Downloadable that are deemed hostile or potentially hostile." 2008 WL 4174338, at *3. The parties here, however, do not ask this Court to construe the "list of" language.

B. "Downloadable scanner coupled with said receiver, for deriving security profile data for the Downloadable" ('494 Patent)

Finjan's Construction

Bitdefender's Construction

No construction necessary - Plain andordinary meaning.

This phrase should be construed pursuant to35 U.S.C. § 112(6) to cover thecorresponding structure disclosed in the'494 patent, namely the code scannerreferred to in the '194 patent at 5:36-57,9:20-33, and Fig. 7, and equivalents.Alternatively, "a code scanner that usesparsing techniques to decompose code intoconstituent operations and identifiesspecified operations or patterns ofoperations"

The Court construes this term as "Downloadable software that searches code to identify suspicious patterns or suspicious computer operations, coupled with said receiver, for deriving security profile data for the Downloadable."

The disputed term appears in independent claim 10 of the '494 Patent. JCCS at 1. // // // //

Claim 10

10. A system for managing Downloadables, comprising:a receiver for receiving an incoming Downloadable;a Downloadable scanner coupled with said receiver, for deriving security profile datafor the Downloadable, including a list of suspicious computer operations that may beattempted by the Downloadable; anda database manager coupled with said Downloadable scanner, for storing theDownloadable security profile data in a database.

Finjan again argues that no construction is necessary, and that the Court can adopt the term's plain and ordinary meaning. See Op. Br. at 5-7; Reply Br. 3-5. Finjan highlights that the parties have already agreed that the term "Downloadable" means an "executable application program, which is downloaded from a source computer and run on the destination computer." See Op. Br. at 5. Finjan's expert then opines that "a scanner is a well know[n] component in computer security and software, and has an associated structure for scanning content such as Downloadables." See id. (citing Medvidovic Decl. ¶ 16). Finjan's expert continues: "A scanner connotes a structure that is directed to scanning a downloadable received by the receiver. Moreover, reading the entire claim explains that it has three distinct steps: (1) a receiver receives Downloadables, (2) a scanner scans those Downloadables, and (3) a database manager stores the data obtained by the scanner in a database." Medvidovic Decl. ¶ 17. Thus, in Finjan's expert's opinion, "there is no need to look any further for the structure of this term." Id.

Bitdefender argues this is a means-plus-function term subject to 35 U.S.C. § 112, despite the absence of the word "means." See Resp. Br. at 3. And it contends that the claim terms are either purely functional ("deriving security profile data for the Downloadable") or refer to the scanner's "relation to other parts in the system, not its structure" (for instance, "coupled with said receiver"). Id. Bitdefender argues accordingly that the "Downloadable scanner" lacks sufficient "internal structure" to render the term definite. Id. at 4-5. Finally, Bitdefender contends that "[t]o the extent the Court finds that the features that Finjan attributed to the claims in order to defend their validity in [other matters] impart sufficient structure to avoid application of § 112, ¶ 6," the Court should adopt the construction, "a code scanner that uses parsing techniques to decompose code into constituent operations and identifies specified operations or patterns of operations." Id. at 5.

In assessing whether a claim invokes Section 112(6), the Court must determine if the claim limitation is drafted in the means-plus-function format. "The use of the term 'means' triggers a rebuttable presumption that § 112, ¶ 6 governs the construction of the claim term." Robert Bosch, LLC v. Snap-On Inc., 769 F.3d 1094, 1097 (Fed. Cir. 2014). Conversely, there is a general presumption that the limitation does not invoke Section 112(6) where the claim language does not recite the term "means." Id.; Zeroclick, LLC v. Apple Inc., 891 F.3d 1003, 1007 (Fed. Cir. 2018). This presumption is not strong, and it is rebuttable. Williamson v. Citrix Online, LLC, 792 F.3d 1339, 1349 (Fed. Cir. 2015). "The standard is whether the words of the claim are understood by persons of ordinary skill in the art to have a sufficiently definite meaning as the name for structure." Id. "When a claim term lacks the word 'means,' the presumption can be overcome and § 112, para. 6 will apply if the challenger demonstrates that the claim term fails to 'recite sufficiently definite structure' or else recites 'function without reciting sufficient structure for performing that function.'" Id. (quoting Watts v. XL Sys., Inc., 232 F.3d 877, 880 (Fed. Cir. 2000)).

The Court finds that this is not a means-plus-function term subject to Section § 112(6). To begin, the claim term does not use the word "means." "Presumptively, therefore, § 112, ¶ 6 does not apply . . . ." See Zeroclick, LLC, 891 F.3d at 1007. Nor does the term contain an equivalent nonce word for "means," such as "module." Cf. Williamson, 792 F.3d at 1350 (finding that "[m]odule is a well-known nonce word that can operate as a substitute for 'means' in the context of § 112, para. 6"); Zeroclick, LLC, 891 F.3d at 1008 (holding that a district court erred by effectively treating "program" and "user interface code" as nonce words and thus as substitutes for "means").

Bitdefender relies on Media Rights Technologies, Inc. v. Capital One Financial Corp., 800 F.3d 1366, 1372 (Fed. Cir. 2015), for the proposition that "scanner" does not impart sufficient "internal structure," but that case is inapposite in several respects. See Resp. Br. at 3-4. First, the Media Rights plaintiff did not dispute that the term to be construed—"compliance mechanism"—had "no commonly understood meaning and is not generally viewed by one skilled in the art to connote a particular structure." Media Rights, 800 F.3d at 1372. Here, in contrast, Finjan's expert opines that a "scanner" is recognized by those skilled in the art "as a structure for scanning a Downloadable." See Medvidovic Decl. ¶¶ 16-17. Second, unlike in Media Rights, where the court found that the modifier "compliance" failed to impart additional structure to the term "mechanism," the parties here agree that a "Downloadable" is "an executable application program, which is downloaded from a source computer and run on the destination computer." Compare 800 F.3d at 1373 (citing Mass. Inst. of Tech. v. Abacus Software, 462 F.3d 1344, 1354 (Fed. Cir. 2006)), with JCCS at 1. Given the parties' agreement that "Downloadable" has a tangible meaning, the Court finds that a skilled artisan could derive the proper scope of the claim term from the patent's language.

The Court also rejects Bitdefender's alternative construction, which not only reads out several of the claim's express elements—e.g., "Downloadable," "security profile data," and "coupled with said receiver"—but also reads in elements that appear nowhere in the claim language—e.g., "parsing" and "code." For this construction, Bitdefender relies on technical dictionaries and features of the incorporated '194 Patent. See Resp. Br. at 5. But this Court cannot sanction a wholesale reconstruction of a term on this basis, given the general proscription against importing extrinsic limitations into the claim terms. See Phillips, 415 F.3d at 1312-13.

Although the Court agrees with Finjan that a skilled artisan could derive the proper scope of the claim term from the patent's language, the Court finds deficient Finjan's proposal that no construction is necessary. As Judge Freeman recently explained in construing "Downloadable scanner" in this claim, "[p]resenting that the scanner has a plain and ordinary meaning will not aid the jury." Finjan, Inc. v. Cisco Sys., Inc., No. 17-cv-00072-BLF, 2018 WL 3537142, at *13 (N.D. Cal. July 23, 2018) (Cisco). And as Judge Freeman detailed, the specification of the '194 Patent—a parent of the '494 Patent—disclosed that a code scanner "may search the code for any pattern, which is undesirable or suggests that the code was written by a hacker." Id. (citing '194 Patent, 5:54-57). Because the scanner "may generate DSP data that includes suspicious computer operations," Judge Freeman ultimately reasoned that a skilled artisan would understand "Downloadable scanner" to mean "software that searches code to identify suspicious patterns or suspicious computer operations." Id. (citing '194 Patent, 5:50-54); see also Juniper, 2018 WL 4184338, at *7-8 (adopting Cisco's construction). The Court agrees.

C. "database manager" ('494 Patent)

Finjan's Construction

Bitdefender's Construction

No construction necessary - Plain andordinary meaning. Plain and ordinarymeaning of database manager is hardwareand/or software that controls a database.

"A program or programs that control adatabase so that the information it containscan be stored, retrieved, updated, andsorted"

The Court adopts Bitdefender's construction.

The disputed term appears in independent claim 10 and dependent claim 11 of the '494 Patent. JCCS at 2. Claim 10 is representative of how the term is used in the claim language:

Claim 10

10. A system for managing Downloadables, comprising:a receiver for receiving an incoming Downloadable;a Downloadable scanner coupled with said receiver, for deriving security profile data forthe Downloadable, including a list of suspicious computer operations that may beattempted by the Downloadable; anda database manager coupled with said Downloadable scanner, for storing theDownloadable security profile data in a database.

Finjan again argues that no construction is necessary in view of the term's plain and ordinary meaning: hardware and/or software that controls a database. Op. Br. at 8; Reply Br. at 5-6. Finjan's expert maintains that "database" is a well-known component in computer security and software. See Medvidovic Decl. ¶ 19. Finjan also claims that the Sophos court construed the term "database" consistent with its interpretation of "database manager" here. Op. Br. at 8; see Finjan, Inc. v. Sophos, Inc., No. 14-cv-01197-WHO, 2015 WL 890621, at *2-4 (N.D. Cal. Mar. 2, 2015). The Sophos court's construction of "database" parallels the parties' agreed-upon construction of that term in this litigation. Compare id., with JCCS at 1 (agreeing that a "database" is "a collection of interrelated data organized according to a database schema to serve one or more applications"). And in construing "database," the Sophos court stated that "[a] database manager uses the database to retrieve security profile data for an incoming Downloadable." 2015 WL 890621, at *3. According to Finjan, it is undisputed that the "[d]atabase manager is something that 'controls" or "manages' a database for storing and retrieving information," and thus any additional limitations are unnecessary. Op. Br. at 8.

Finjan's focus on the database manager's function, however, obscures the central dispute: whether a database manager can encompass both hardware and software. Bitdefender contends that covering both is an impermissible expansion of the term that contradicts the position taken by Finjan and its expert in the Symantec IPR proceeding. Resp. Br. at 5. As Bitdefender notes, Finjan insisted in that IPR that the "database manager must be a program or programs, not hardware and/or software as it now contends." Id. at 6 (quotations omitted). In Bitdefender's view, that "[p]rosecution disclaimer precludes Finjan's about-face." Id.

The Court agrees that Finjan's position in the Symantec IPR sufficiently contradicted its current position to meet the high threshold for disavowal. See Poly-America, L.P. v. API Indus., Inc., 839 F.3d 1131, 1136 (Fed. Cir. 2016) ("While disavowal must be clear and unequivocal, it need not be explicit."). In arguing for the patentability of the claimed "database manager" over Morton Swimmer et al. Dynamic Detection and Classification of Computer Viruses Using General Behaviour Patterns ("Swimmer"), Finjan stated:

[A] person skilled in the art at the time would understand the term database manager to mean a program or programs that control a database so that the information it contains can be stored, retrieved, updated and sorted, which definition is consistent with Dr. Davidson's parenthetical definition of the term, a component that manages and controls the storage and retrieval of data in the database, but Swimmer does not have [such] a program or programs . . . .
Symantec IPR, 2017 WL 1041718, at *20 (quotations omitted). Similarly, under the heading "Swimmer does not teach or suggest 'database manager coupled with said downloadable scanner, for storing the downloadable security profile data in a database,'" Finjan's expert opined in a declaration:
159. I understand Petitioner and Dr. Davidson identify Swimmer's "audit system or a portion thereof" as the claimed "database manager." A person skilled in the art at the time would understand database manager to mean "a program or programs that control a database so that the information it contains can be stored, retrieved, updated and sorted.
Adamson Decl. Ex. B, at 91 (citation omitted). In rendering that opinion, Finjan's expert cited the Dictionary of Computer Words for the following definition: "Database management system [-] the program or programs that control a database so that the information it contains can be stored, retrieved, updated and sorted." Id. The PTAB ultimately agreed with Finjan that Swimmer did not teach the "database manager" recited in the '494 Patent. Symantec IPR, 2017 WL 1041718, at *21.

Bitdefender's proposed construction is identical to Finjan's interpretation of "database manager" in the Symantec IPR. Although Finjan now contends that its expert provided the above cited dictionary definition as "an example of what type of functionality in database managers existed at the time," that is not how the expert framed his opinion. Compare Reply Br. at 6, with Adamson Decl., Ex. B at 92. ("Accordingly, Swimmer's audit system is not a program or programs that control a database so that the information it contains can be stored, retrieved, updated and sorted.").

Judge Alsup similarly construed "database manager" because the construction "comes verbatim from Finjan's own explanation of this limitation in a former IPR proceeding." Juniper, 2018 WL 4184338, at *8.

As to Judge Orrick's claim construction order in Sophos, Finjan's statements in the Symantec IPR and the PTAB's corresponding opinion postdate that order. See Resp. Br. at 6. Further, Judge Orrick's construction of "database" supports Bitdefender's position in at least two respects. First, Judge Orrick found that "[t]he database indexes information according to a database schema (Downloadable IDs) and serves an application (a database manager) in the antivirus process." 2015 WL 890621, at *3 (emphasis added). That Sophos referred to the database manager as an "application," would—as Bitdefender maintains—support that the database manager does not include hardware. Second, as stated previously, Judge Orrick found that the "database manager uses the database to retrieve security profile data for an incoming Downloadable." Id. (emphasis added). That the database manager performs a retrieval function counsels against a finding that the manager could include hardware, and supports including the additional functions that Bitdefender elaborates in its interpretation (i.e. storing, retrieving, updating, and sorting).

D. "performing a hashing function on the Downloadable and the fetched software components to generate a Downloadable ID" ('780 Patent)

Finjan's Construction

Bitdefender's Construction

"performing a hashing function on theDownloadable together with its fetchedsoftware components to generate aDownloadable ID"

"performing a hashing function thatoperates across the combination of aDownloadable together with its fetchedsoftware components to transmute theDownloadable and its fetched softwarecomponents into a unique and reproducibleID for that Downloadable"

The Court adopts Bitdefender's construction.

The disputed term appears in independent claims 1, 9, and 18 of the '780 Patent. JCCS at 2. Claim 1 is representative of how the term is used in the claim language:

Claim 1

1. A computer-based method for generating a Downloadable ID to identify aDownloadable, comprising:obtaining a Downloadable that includes one or more references to software componentsrequired to be executed by the Downloadable;fetching at least one software component identified by one or more references; andperforming a hashtag function on the Downloadable and the fetched softwarecomponents to generate a Downloadable ID.

The parties' central dispute over this term is whether the claimed "hashing function" must generate a single (unique) Downloadable ID or can yield separate Downloadable IDs. See Resp. Br. at 8. Bitdefender argues for the former, relying largely on the summary judgment order in Finjan, Inc. v. Blue Coat Sys., Inc., No. 13-cv-03999-BLF, 2015 WL 3630000, at *6 (N.D. Cal. June 2, 2015) (Blue Coat I). Finjan contends that Bitdefender mischaracterizes the Blue Coat I summary judgment order by suggesting that only a single hash can be performed. Reply Br. at 7. According to Finjan, that multiple hashes can be performed "cuts directly against [Bitdefender's] construction requiring a hashing function to be performed across a combination of a Downloadable and its fetched components." Id. (emphasis added). Finjan further argues that (1) the Blue Coat I summary judgment order is contradicted by that court's ultimate jury instructions; and (2) other cases and a PTAB construction support Finjan's construction here.

Contrary to Finjan's objections, Judge Freeman's Blue Coat I summary judgment order supports Bitdefender's construction. In Blue Coat I, the parties initially agreed on the very construction Finjan advances in this litigation, which the Blue Coat I court naturally adopted in its claim construction order. Blue Coat I at *5. Despite this initial agreement, the parties later disputed what those words "actually" meant. Id. And forced to confront this dispute, the Blue Coat I court adopted the defendant's interpretation, concluding that there was "ample disclosure in the '780 Patent to support . . . that a hashing function performed on a Downloadable 'together with' its referenced components must operate across the combination of a Downloadable and its fetched components." Id. at *6 (emphasis added) (citing '780 Patent, 7:63-67, 9:58-59, 9:62-65, and Fig. 8).

Notably, the Blue Coat I court found both that: (1) a hashing function is not necessarily limited to a single computation; and (2) a hash or hashes "must create a unique and reproducible ID when applied to a Downloadable and its components." Id. (citing '780 Patent, 4:64-66). In so finding, the court observed that while hashing could be "accomplished by a sequence of several hashes or computations" it would "not necessarily follow that the ID generator performs 'one or more' hashing functions to generate 'one or more' Downloadable IDs for each Downloadable." Id. at 7. The court added that this finding was not contrary to the "general rule that the indefinite articles 'a' or 'an' can mean 'one or more." Id. (citing Baldwin Graphic Sys., Inc. v. Siebert, Inc., 512 F.3d 1338, 1342 (Fed. Cir. 2008)). The court concluded that "it is clear that the phrase 'performing a hashing function on the Downloadable together with its fetched software components to generate a Downloadable ID,' requires a computation or combination of computations that transmutes the Downloadable and its components into a unique and reproducible ID for that Downloadable.'" Id. The Court finds this reasoning from Blue Coat I both persuasive and correct.

Against this conclusion, Finjan notes that the ultimate jury instructions in Blue Coat I tracked the Markman order's construction, which tracks Finjan's proposed construction here. See Reply Br. at 8; Dkt. No. 84-1 ("Manes Reply Decl.") Ex. 2, at 2. But Judge Freeman's submission of jury instructions tracking constructions agreed to by the parties in Blue Coat I does not negate her detailed analysis on summary judgment of what the claim term in fact means. Further, it appears Judge Freeman relied on her summary judgment construction in a post-trial order. See Finjan, Inc. v. Blue Coat Sys., Inc., No. 13-cv-03999-BLF, 2016 WL 3880774, at *9 (N.D. Cal. July 18, 2016) ("[Finjan's expert] testified, based on documents, source code, and the testimony of Blue Coat engineers, that the web page and its components are gathered in a buffer and then hashes are related to form a Downloadable ID of the web page and its components. Thus, substantial evidence supported the jury's verdict.") (internal citation omitted).

Finjan's reliance on other cases is similarly unavailing. Just two of those cited decisions post-date the Blue Coat I summary judgment order. See Reply Br. at 8. And while one of those decisions adopted Finjan's interpretation, it provided only the following reasoning: "Adopting PTO Construction from the IPR of the '780 patent April, 2016." See Finjan, Inc. v. Eset, LLC, No. 3:17-cv-0183-CAB-(BGS), 2017 WL 5501338, at *2 (S.D. Cal. Nov. 14, 2017). Unsurprisingly, the PTAB's construction referenced in Eset is the other decision on which Finjan relies. See Dkt. No. 76-2 ("Manes Decl."), Ex. 12. But the PTAB there applied a claim construction standard inapplicable here: the "broadest reasonable interpretation." Id. at 6-7. The PTAB did not reference, or otherwise appear to consider, the Blue Coat I summary judgment order.

More recently, judges in this district have had the opportunity to construe this term on two occasions. In Cisco, Judge Freeman adopted her Blue Coat I summary judgment order's reasoning. 2018 WL 3537142, at *13-14. In another case, however, Judge Alsup sided with the PTAB's analysis. Order Granting Early Motion for Summary Judgment on '780 Patent at 6-10, Finjan, Inc. v. Juniper Networks, Inc., No. C 17-05659 WHA (N.D. Cal. Aug. 9, 2018), ECF 180. As explained above, the Court agrees with the analysis in Cisco and Blue Coat I's summary judgment analysis.

The Court recognizes that this Court's construction differs slightly from Judge Freeman's in Cisco, but does not view the difference as material. Judge Freeman there rejected a party's attempt to import Blue Coat I's summary judgment reasoning into their proposed construction because it also included "unnecessary" and "confusing" language. 2018 WL 3537142, at *14. The Court finds that Bitdefender's proposal here does not suffer from that same defect.

E. "fetching" ('780 Patent)

Finjan's Construction

Bitdefender's Construction

No construction necessary - Plain andordinary meaning. Plain and ordinary offetching is "retrieving."

"retrieving a software component that is notincluded in the Downloadable"

The Court adopts Finjan's construction and finds that the plain and ordinary meaning of "fetching" is "retrieving," which is not limited as Bitdefender suggests.

The disputed term appears in independent claims 1 and 18 of the '780 Patent. JCCS at 2. Claim 1 is representative of how the term is used in the claim language:

Claim 1

1. A computer-based method for generating a Downloadable ID to identify aDownloadable, comprising:obtaining a Downloadable that includes one or more references to software componentsrequired to be executed by the Downloadable;fetching at least one software component identified by one or more references; andperforming a hashtag function on the Downloadable and the fetched software componentsto generate a Downloadable ID.

The parties agree that fetching means "retrieving," but dispute whether the fetched software component must be within the Downloadable. See Op. Br. at 11. Bitdefender contends this limitation is warranted due to Finjan's purported prior disavowals. See Resp. Br. at 12-13.

To start, the specification supports the parties' agreement that fetching means "retrieving," and that the software component retrieved at least could be within the Downloadable. The specification provides:

The ID generator 315 receives a Downloadable (including the URL from which it came and the userID of the intended recipient) from the external computer network 105 via the external communications interface 210, and generates a Downloadable ID for identifying each Downloadable. The Downloadable ID preferably includes a digital hash of the complete Downloadable code. The ID generator 315 preferably prefetches all components embodied in or identified by the code for Downloadable ID generation. For example, the ID generator
315 may prefetch all classes embodied in or identified by the Java™ applet bytecode to generate the Downloadable ID. Similarly, the ID generator 315 may retrieve all components listed in the INF file for an ActiveX™ control to compute a Downloadable ID. Accordingly, the Downloadable ID for the Downloadable will be the same each time the ID generator 315 receives the same Downloadable.
'780 Patent, 4:60-65 (emphasis added); see Op. Br. at 11-12. Finjan's expert opines that the Java "applet" embodiment contravenes Bitdefender's interpretation here because, "[a]s was well known at the time, Java applets were distributed as Downloadables as a single JAR file with referenced software components included in the JAR file." Medvidovic Decl. ¶ 27. This embodiment thus shows that fetching can refer to "retrieving components included in the Downloadable." Id. Bitdefender's expert replies that fetching an applet involves retrieving external software components, but that understanding is not exclusive of Finjan's. Put differently, Bitdefender's expert does not say all of the fetched components must be external to the Downloadable. See Shaefer Decl. ¶¶ 45-47. There could, for instance, be both internal and external software components that are fetched, which aligns with Finjan's reading of the specification.

Bitdefender's disavowal argument similarly fails because the two documents on which Bitdefender relies do not show that Finjan clearly and unequivocally disclaimed any broader understanding of "fetching." See Poly-America, L.P., 839 F.3d at 1136. First, Bitdefender relies on an October 13, 2013 Office Action Response document issued by the patent examiner. See Resp. Br. at 12; Adamson Decl. Ex. G, at 6. The cited pages, however, do not expressly mention fetching and appear only to observe the prior art's teachings regarding "code signing." See Adamson Decl. Ex. G, at 6; Reply Br. at 9. Second, Bitdefender relies on Finjan's IPR Preliminary Response in Bluecoat Systems, Inc. v. Finjan, IPR2016-00492 (P.T.A.B.). See Resp. Br. at 12; Adamson Decl. Ex. H, at 34-36. But while the cited text distinguishes the prior art, Finjan did not make any affirmative statements regarding the scope of its claims:

In order to certify that a downloaded file is from a particular source and is uncorrupted, there is simply no need (let alone a need recognized in either Rubin or Waldo) to fetch any software components referenced in the downloaded file.
Adamson Decl. Ex. H, at 35. Thus, neither of these statements show the patentee disavowed the full scope of the claim term such that further construction is needed. See Thorner, 669 F.3d at 1365.

F. "a content processor for (i) processing content received over a network" ('154 Patent)

Finjan's Construction

Bitdefender's Construction

No construction necessary - Plain andordinary meaning

This phrase should be construed pursuant to35 U.S.C. § 112(6) to cover thecorresponding structure disclosed in the'154 patent, namely the web browserreferred to at 2:64-3:2 ("a conventionalweb browser"), 10:60-11:4 ("a webbrowser running on a client computer"),and 15:33-37 ("a web browser"),programmed to perform the operationsdescribed at 11:54-59, 12:62-13:3, and15:52-56, and equivalents thereof.Alternatively, "a web browser"

The Court holds that no construction is necessary.

The disputed term appears in independent claim 1 of the '154 Patent. JCCS at 2.

Claim 1

1. A system for protecting a computer from dynamically generated malicious content,comprising:a content processor (i) for processing content received over a network, the contentincluding a call to a first function, and the call including an input, and (ii) for invoking asecond function with the input, only if a security computer indicates that such invocationis safe;a transmitter for transmitting the input to the security computer for inspection, when thefirst function is invoked; anda receiver for receiving an indicator from the security computer whether it is sake toinvoke the second function with the input.

Finjan again argues that no construction is necessary for this term. Bitdefender responds that (1) "content processor" is subject to Section § 112(6), and (2) to find structure and thus avoid the application of Section 112(6), the Court at least must construe the term as "a web browser."

This Court previously construed the term at issue here and found that the term is definite and speaks for itself. See Finjan, Inc., v. Proofpoint, Inc., No. 13-CV-05808-HSG, 2015 WL 7770208, at *11 (N.D. Cal. Dec. 3, 2015). In Proofpoint, the Court rejected the very argument Bitdefender now advances: that "content processor" is a means-plus-function term subject to Section 112(6). Id. at *11-12. In detail, this Court explained that (1) neither "means" nor an equivalent nonce word appeared in the claim language; and (2) the term "content processor" had a "sufficiently specific structure" based on the claim language and specification. See id. at *10-11 (citing Williamson, 792 F.3d at 1349); '154 Patent at 17:32-44, 17:45-49, 18:7-22, Figs. 2-3. Holding that the term does not come within Section 112(6), the Court held that "the term does not require any construction beyond its plain and ordinary meaning." Id. at *11.

Bitdefender nonetheless asks the Court to revisit its prior construction in Proofpoint in light of the Federal Circuit's "intervening" decision in Media Rights. See Resp. Br. at 14-15. Bitdefender argues that Media Rights refined Williamson by emphasizing that relational structure is not sufficient, and that there must be a disclosure of the object's "internal components." See Resp. Br. at 15. But Bitdefender ignores that Media Rights's indefiniteness finding was predicated on several factors not present here. For one, unlike here, the "compliance mechanism" term in Media Rights included one of Williamson's exemplary "nonce" words. See Media Rights, 800 F.3d at 1372. And unlike in Media Rights, the specification here provides tangible examples of the content processor. See '154 Patent, 2:64-67 ("Client computer 110 includes a content processor 170, such as a conventional web browser, which processes Internet content and renders it for interactive viewing on a display monitor."), 10:61-62 ("Content processor may be a web browser running on client computer 210."). Based in part on this embodiment, Finjan's expert reasonably opines that a person skilled in the art would understand "content processor" to possess its plain meaning. See Medvidovic Decl. ¶ 30; cf. Media Rights, 800 F.3d at 1372 (recognizing the parties' agreement that "compliance mechanism" has "no commonly understood meaning and is not generally viewed by one skilled in the art to connote a particular structure"). Finally, even if Media Rights could be argued to counsel in favor of reconsidering the Proofpoint ruling, the Federal Circuit's more-recent decision in Zeroclick more than affirms the Court's reasoning. That decision made clear that courts must avoid invoking Section 112(6) in the absence of a proper nonce word, which is not present here. Zeroclick LLC, 891 F.3d at 1008.

Media Rights pre-dated the Proofpoint claim construction order by several months. Bitdefender nonetheless characterizes it as "intervening" because no party in Proofpoint filed a notice of supplemental authority. See Resp. Br. at 14; Dkt. No. 89 at 75:16-19.

The Court is not persuaded that Media Rights in any way changes the Court's prior reasoning and finding from Proofpoint. In turn, the Court again finds that no construction is necessary for this term and that "content processor" has sufficiently specific structure based on the claim language and specification.

At the claim construction hearing, Bitdefender's counsel explained that its "alternative construction was based on what [it] believe[d] would be necessary to find structure to avoid the application of [Section] 112(6)" and thus withdrew the alternative construction if the Court adopted its Proofpoint findings. Dkt. No. 89 at 76:2-6. The Court thus need not address the alternative construction here.

G. "a call to a first function" and "a second function" ('154 Patent)

Finjan's Construction

Bitdefender's Construction

No construction necessary - Plain andordinary meaning

"a call to a first function""a programmatic statement or instruction inthe content, coded as the name of a functionalong with any parameters needed for thefunction to perform its task, requesting theservices of a substitute function that wasreplaced for an original function within thecontent, at a gateway computer, prior to thecontent being received at the clientcomputer"---------------"a second function""the original function that was replacedwith the previously identified substitutefunction call within the content, at agateway computer, prior to the contentbeing received at the client computer"

The Court holds that no constructions are necessary.

The disputed terms appear in independent claims 1 and 4 of the '154 Patent. JCCS at 3. Claim 1 is representative of how the terms are used in the claim language:

Claim 1

1. A system for protecting a computer from dynamically generated malicious content,comprising:a content processor (i) for processing content received over a network, the contentincluding a call to a first function, and the call including an input, and (ii) for invoking asecond function with the input, only if a security computer indicates that such invocationis safe;a transmitter for transmitting the input to the security computer for inspection, when thefirst function is invoked; anda receiver for receiving an indicator from the security computer whether it is sake toinvoke the second function with the input.

As with the previous term, Finjan asks this Court to confirm its Proofpoint holding and find that each term's plain and ordinary meaning governs and that no construction is necessary. See Op. Br. at 14-15; Proofpoint, Inc., 2015 WL 7770208, at *9. In response, Bitdefender claims that its proposed constructions in fact better reflect the Court's Proofpoint analysis. Resp. Br. at 20-21. Specifically, Bitdefender argues that in Proofpoint, the Court rejected the defendants' claim that the "first" and "second" functions "must be different functions," based on its finding that "'second function' described in the claims can be the 'original function' identified in the specification." 2015 WL 7770208, at *9.

The Court agrees that Bitdefender's construction in some sense tracks the Court's analysis in Proofpoint, but it does not necessarily follow that the Court should import substantial limitations from the specification into the disputed terms. In finding, for example, that "'the second function' described in the claims can be the 'original function' identified in the specification," the Court noted:

Moreover, the Federal Circuit has repeatedly warned courts that "it is the claims, not the written description, which define the scope of the patent right." Laitram Corp. v. NEC Corp., 163 F.3d 1342, 1347 (Fed. Cir. 1998) ("[A] court may not import limitations from the written description into the claims."). Here, the claims do not use "original" and "substitute" functions.
Proofpoint, 2015 WL 7770208, at *9 & n.4. Declining to import the terms "original" and "substitute" into the claim language, the Court concluded that these terms' plain and ordinary meanings govern. In so concluding the Court reasoned that these words were "ordinary, simple English words whose meaning is clear and unquestionable. . . . They mean exactly what they say." Id. (citing Chef Am., Inc. v. Lamb-Weston, Inc., 358 F.3d 1371, 1373 (Fed. Cir. 2004)). The Court's prior decision not to read "original" and "substitute" into the claim terms also applies here, even if Bitdefender's position aligns with some of the Court's reading of the specification.

Bitdefender also presents no new authority for the Court to revisit its prior construction. See Reply Br. at 12. Bitdefender instead asserts that the Court's Proofpoint order "did not address the Patentee's disavowal by reference to 'the present invention' and 'consistent and exclusive disclosure of a single embodiment' corresponding to the first and second functions of the claims." See Resp. Br. at 21. But Bitdefender's disavowal argument fails. To be sure, the '154 Patent refers at times to the "original" and "substitute" functions as included in several "preferred embodiment(s) of the present invention." See, e.g., '154 Patent, 6:4-49. But there are several references to a "preferred embodiment of the present invention" that include "a call to a first function" and "invoking the second function" without the use of the terms "original" and "substitute." See '154 Patent, 7:8-19, 7:32-43. In addition, the patentee articulates several preferred embodiments of the present invention that refer only to "a function with the input," and lack any specific reference to a "first" or "second" function. See '154 Patent, 7:44-50, 7:51-58, 7:59-65. Considering this variation, the Court finds that the patentee did not demonstrate a clear intention to limit the claimed invention to "first" and "second" and/or "original" and "substitute" functions. Cf. Honeywell Int'l, Inc. v. ITT Indus., Inc., 452 F.3d 1312, 1318-20 (Fed. Cir. 2006) (holding the patentee disavowed the use of carbon fibers from the claimed invention both because "the only fuel component disclosed and claimed in the patent was a fuel filter," and because the patent's written description "informed its readers specifically why carbon fibers would not be suitable . . . in the claimed invention"). This finding is consistent with the Court's statement in Proofpoint that the second function "can" be the original function described in the specification, not that it must be. See 2015 WL 7770208, at *9.

Given the lack of a clear disavowal of subject matter, the Court reaffirms its prior holding that the terms' plain and ordinary meanings govern, and no construction is necessary. See Phillips, 415 F.3d at 1312 ("[T]he words of a claim are generally given their ordinary and customary meaning.").

The Court acknowledges that a recent decision by Judge Freeman in this district construed these terms differently. See Cisco, 2018 WL 3537142, at *20-23. The parties here, however, do not present the same arguments that were raised in that case. More important, the Court respectfully differs with Cisco's apparent confinement of the claim to embodiments disclosed in the specification. See id. ("Finjan does not point to any disclosure in the '194 patent that shows that invoking the 'first function' and 'second function' are the same type of function."). Cf. Phillips, 415 F.3d at 1323 ("[A]lthough the specification often describes very specific embodiments of the invention, we have repeatedly warned against confining the claims to those embodiments."). --------

H. "when the first function is invoked" ('154 Patent)

Finjan's Construction

Bitdefender's Construction

No construction necessary - Plain andordinary meaning

"in response to the first function beinginvoked"

The Court finds that no construction is necessary, that the plain and ordinary meaning of "when" applies, and that the plain and ordinary meaning of "when" is not limited to the conditional meaning of the word, as Bitdefender proposes.

The disputed term appears in independent claims 1 and 4 of the '154 Patent. JCCS at 3. Claim 1 is representative of how the term is used in the claim language:

Claim 1

1. A system for protecting a computer from dynamically generated malicious content,comprising:a content processor (i) for processing content received over a network, the contentincluding a call to a first function, and the call including an input, and (ii) for invoking asecond function with the input, only if a security computer indicates that such invocationis safe;a transmitter for transmitting the input to the security computer for inspection, when thefirst function is invoked; anda receiver for receiving an indicator from the security computer whether it is sake toinvoke the second function with the input.

The parties' dispute here turns on whether the Court must construe the term "when" to mean "in response to." See Dkt. No. 89, at 90:24-25, 91:4-5. Finjan contends that this simple English word speaks for itself and that a plain and ordinary meaning thus should apply. Op. Br. at 17. Finjan's expert adds that a person skilled in the art needs no further limitation or construction to understand this word when read in context. Medvidovic Decl. ¶¶ 41-43. In response, Bitdefender contends that "when" can have both a conditional and temporal meaning. See Resp. Br. at 21-22. And Bitdefender claims that the patentee repeatedly used "when" to connote a contingency, as "the input is not passed to the security computer until the content processor" executes a call to the security computer. Id. at 22. Bitdefender again relies on Honeywell for the proposition that the patentee's repeated and exclusive reference to this term's conditional meaning implies a disavowal of alternate interpretations. See id. at 23 (citing 452 F.3d at 1318).

The Court agrees that "when" can have conditional or temporal importance, but the Court finds no indication that the patentee either acted as his own lexicographer or disavowed one of these interpretations. Even the conditional meaning of "when" can include a temporal element, in this context. For example, the input is not passed until (or after) the call to the security computer is executed. See '154 Patent, 10:44-64 ("When content processor invokes the substitute function call (2), the input is passed to security computer 215 for inspection."). There is accordingly no unmistakable disavowal to justify reading an extrinsic limitation into the claims. Phillips, 415 F.3d at 1315.

The Court thus finds that the plain and ordinary meaning of "when" governs, and that the plain and ordinary meaning is not limited to the conditional sense of the word, as Bitdefender argues.

I. "a warning of potential risk" ('299 Patent)

Finjan's Construction

Bitdefender's Construction

No construction necessary - Plain andordinary meaning

"an indication that a security assessmenthas not yet been performed by the contentscanner, distinct from presenting potentialsecurity risks"

The Court finds that no construction is necessary.

The disputed term appears in independent claims 1, 13, 20, and 21 of the '299 Patent. JCCS at 3. Claim 1 is representative of how the term is used in the claim language: // // //

Claim 1

1. A method for appending security information to search engine results, comprising:issuing to a search engine a search request for web content, the search request having atleast one designated search term;receiving from the search engine search results identifying web content that includes the atleast one designated search term;generating a search results summary that presents the identified web content;issuing to a content scanner a request for assessment of at least a portion of the identifiedweb content, for potential security risks;receiving from the content scanner assessments of potential security risks of the at least aportion of the identified web content; anddynamically generating a combined search and security results summary comprising:presenting the at least a portion of the identified web content, subsequent to saidgenerating a search results summary and prior to completion of said receiving from thecontent scanner;dynamically updating the combined search and security results summary, comprisingpresenting potential security risks of the presented web content, after the assessmentsof potential security risks are received from the content scanner; anddisplaying a warning of potential risk, subsequent to said presenting and prior to saiddynamically updating.

The parties dispute whether the claim language speaks for itself. Finjan argues that it does and thus the Court need not construe the term. Op. Br. at 18-19. Bitdefender disagrees, arguing that Finjan amended its claims to require a "time sequence of operations" whereby the "warning of potential risk" signals that a security assessment has yet to be performed by the content scanner. Resp. Br. at 24. Bitdefender highlights that nothing in its construction is "inconsistent" with the claim language. Id. at 25.

Although Bitdefender's interpretation does not expressly contravene a reading of the claims, Bitdefender fails to overcome the presumption that a plain and ordinary meaning should apply. The language of claim 1 states that "a warning of potential risk" occurs "subsequent to said presenting and prior to said dynamically updating [the combined search and security results summary]." See '299 Patent, 13:10-16. And those parts of the prosecution history that Bitdefender cites do not show the clear disavowal of some timing component that is not already reflected in claim 1's language. See Adamson Decl., Ex. N at 4, Ex. O at 2-3 ("[D]isplaying a notice of risk, indicating that said generating a combined search and security results summary is in progress, subsequent to said generating a search results summary and prior to said generating a combined search and security results summary."), Ex. P at 2-3 (claiming "displaying a . . . warning of potential risk, . . . subsequent to said . . . presenting and prior to said . . . dynamically updating."). There is similarly no basis for further construction based on amendments made during the '299 patent's prosecution, as any such amendments were sufficiently incorporated into the claim language. Id.

At the claim construction hearing, Bitdefender stressed that a September 10, 2010 Office Action Response referred to the "warning of potential risk" taking place "in the interim" between "presenting" and "dynamically updating," but that language "is not there in the claim." Dkt. No. 89 at 107:11-23; Dkt. No. 81-2 Ex. P, at 15. But again, nothing about the warning of potential risk occurring "in the interim" is not already reflected in the claim by the language that it takes place "subsequent to said presenting and prior to said dynamically updating." The temporality of "in the interim," in other words, is present in the claim already.

The Court finds the principle against importing extrinsic limitations into the claim terms applies under the circumstances because Bitdefender has not demonstrated any unambiguous disavowal that is not already reflected in the claim language. // // // // // // // // // // // //

IV. CONCLUSION

The Court CONSTRUES the disputed terms as follows:

Patent

Claim Term

Construction

'494

"suspicious computer operations"

"hostile or potentially hostile computeroperations"

'494

"Downloadable scanner coupled with saidreceiver, for deriving security profile datafor the Downloadable"

"Downloadable software that searchescode to identify suspicious patterns orsuspicious computer operations, coupledwith said receiver, for deriving securityprofile data for the Downloadable"

'494

"database manager"

"A program or programs that control adatabase so that the information itcontains can be stored, retrieved,updated, and sorted"

'780

"performing a hashing function on theDownloadable and the fetched softwarecomponents to generate a DownloadableID"

"performing a hashing function thatoperates across the combination of aDownloadable together with its fetchedsoftware components to transmute theDownloadable and its fetched softwarecomponents into a unique andreproducible ID for that Downloadable"

'780

"fetching"

No construction necessary - Plain andordinary meaning of "fetching" is"retrieving," which is not limited asBitdefender suggests

'154

"a content processor for (i) processingcontent received over a network"

No construction necessary - Plain andordinary meaning

'154

"a call to a first function"

No construction necessary - Plain andordinary meaning

'154

"a second function"

No construction necessary - Plain andordinary meaning

'154

"when the first function is invoked"

No construction necessary - Plain andordinary meaning, which is not limitedto the conditional meaning of "when"

'299

"a warning of potential risk"

No construction necessary - Plain andordinary meaning

// //

The Court SETS a further case management conference ("CMC") for March 12, 2019 at 2:00 p.m. The Court also DIRECTS the parties to meet and confer before the CMC to discuss a proposed case schedule through trial and to submit a joint CMC statement by March 5, 2019.

IT IS SO ORDERED. Dated: 2/14/2019

/s/_________

HAYWOOD S. GILLIAM, JR.

United States District Judge


Summaries of

Finjan, Inc. v. Bitdefender Inc.

UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA
Feb 14, 2019
Case No. 17-cv-04790-HSG (N.D. Cal. Feb. 14, 2019)
Case details for

Finjan, Inc. v. Bitdefender Inc.

Case Details

Full title:FINJAN, INC., Plaintiff, v. BITDEFENDER INC., et al., Defendants.

Court:UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA

Date published: Feb 14, 2019

Citations

Case No. 17-cv-04790-HSG (N.D. Cal. Feb. 14, 2019)

Citing Cases

Finjan, Inc. v. Qualys Inc.

But the requirement here is not merely part of a preferred embodiment—it is a basic feature of how the…

Finjan, Inc. v. Juniper Networks, Inc.

Judge Gilliam, however, adopted Finjan’s proposed construction because those defendants unsuccessfully…