Finjan, Inc. v. Symantec Corp.

Full title: FINJAN, INC., Plaintiff, v. SYMANTEC CORP., Defendant.

Court: UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA

Date published: Jan 29, 2018

Case No.14-cv-02998-HSG (JSC) (N.D. Cal. Jan. 29, 2018)

Opinion

Case No.14-cv-02998-HSG (JSC)

01-29-2018

FINJAN, INC., Plaintiff, v. SYMANTEC CORP., Defendant.

JACQUELINE SCOTT CORLEY United States Magistrate Judge

ORDER RE SYMANTEC'S MOTION TO STRIKE FINJAN'S EXPERT REPORTS

Re: Dkt. Nos. 301, 304, 310, 315, 322

Plaintiff Finjan Inc. ("Finjan") alleges Defendant Symantec Corporation ("Symantec") infringes several of Finjan's patents. Now pending before the court is Symantec's motion to strike portions of Finjan's expert reports. (Dkt. No. 304.)¹ Having carefully reviewed the parties' briefing and having had the benefit of oral argument on January 25, 2018, the Court GRANTS Symantec's motion in part and DENIES it in part.

1 Record citations are to material in the Electronic Case File ("ECF"); pinpoint citations are to the ECF-generated page numbers at the top of the documents. --------

PROCEDURAL BACKGROUND

Finjan served its infringement contentions on December 4, 2014 and supplemented them on April 23, 2015 pursuant to the parties' stipulation. (Dkt. Nos. 71, 300-1 ¶ 7.) Symantec believed the supplemental contentions failed to comply with the Patent Local Rules and filed a motion to strike. (Dkt. No. 79.) The district court denied Symantec's motion on February 15, 2017. (Dkt. No. 172.) Finjan later sought a stipulation from Symantec to permit Finjan to amend its infringement contentions solely "to reflect Finjan's allegation that its Finjan Mobile VitalSecurity Browser practices asserted claims of U.S. Patent Nos. 7,757,289; 7,930,299; 8,105,182; 8,141,154; and 8,677,494." (Dkt. No. 160.) Finjan did not seek to amend its claim charts or add any new accused products at that time. (See id.) Symantec agreed to the limited amendment, and the Court approved the stipulation. (Dkt. No. 161.)

At the conclusion of fact discovery, Finjan moved to amend its infringement contentions to add theories under the doctrine of equivalents. (See Dkt. Nos. 206, 225, 231, 240.) This Court granted Finjan leave to serve its amendments under the doctrine of equivalents concluding Finjan had shown good cause because "Symantec provided 72 pages of information in response to Interrogatory No. 10 one hour before the close of discovery." (Dkt. No. 279 at 4:12-13.) The Court also noted that Finjan's proposed amendments did not add new claims or products. (Id. at 7:20-21.)

After two extensions, the parties stipulated to a third extension for opening expert reports to July 31, 2017, which the district court granted. (Dkt. No. 229.) Finjan provided an expert report by Dr. Eric Cole and a second report Dr. Michael Mitzenmacher. (Dkt. Nos. 310-15, 310-17.) Expert discovery closed on September 29, 2017. (Dkt. No. 283 at 2.) That same day the district court granted IAC Search and Media, Inc.'s ("IAC") motion to intervene and revised the case schedule to permit IAC to serve rebuttal expert reports by December 8, 2017 and set December 22, 2017 as the close of IAC expert discovery. (Dkt. Nos. 287, 291 at 1.) This patent infringement case is scheduled for trial on July 9, 2018. (Dkt. No. 291 at 2.)

LEGAL STANDARD

This District's Patent Local Rules require both parties to provide early identification of their respective infringement and invalidity theories. See Patent L.R. 3-1, 3-3. Patent Local Rule 3-1 provides that a party claiming patent infringement must serve a disclosure of asserted claims and infringement contentions that addresses "[s]eparately for each asserted claim, each accused apparatus, product, device, process, method, act, or other instrumentality ("Accused Instrumentality") of each opposing party of which the party is aware." Patent L.R. 3-1(b). "The identification shall be as specific as possible." Id. The patentee must further provide "[a] chart identifying specifically where each limitation of each asserted claim is found within each Accused Instrumentality." Id. at 3-1(c). Once served, the contentions constitute the universe of the parties' respective theories, and those contentions may be amended only by order of the court and upon a showing of good cause. Patent L.R. 3-6.

The purpose of these disclosures is to "require parties to crystallize their theories of the case early in the litigation," O2 Micro Int'l Ltd. v. Monolithic Power Sys., Inc., 467 F.3d 1355, 1364 (Fed. Cir. 2006) (quoting Atmel Corp. v. Info. Storage Devices, Inc., No. C 95-1987 FMS, 1998 WL 775115, at *2 (N.D. Cal.1998)), so as to "further the goal of full, timely discovery and provide all parties with adequate notice of and information with which to litigate their cases," Genentech, Inc. v. Trustees of Univ. of Pennsylvania, Case No. 10-cv-2037, 2012 WL 424985, at *2 (N.D. Cal. Feb. 9, 2012) (citation and internal quotation marks omitted). "The rules thus seek to balance the right to develop new information in discovery with the need for certainty as to the legal theories." O2 Micro, 467 F.3d at 1366. A district court has wide discretion in enforcing the Patent Local Rules. Id. at 1365-66;SanDisk Corp. v. Memorex Prods., Inc., 415 F.3d 1278, 1292 (Fed.Cir.2005).

"[A]ll courts agree that the degree of specificity under Local Rule 3-1 must be sufficient to provide reasonable notice to the defendant why the plaintiff believes it has a 'reasonable chance of proving infringement.'" Shared Memory Graphics LLC v. Apple, Inc., 812 F.Supp.2d 1022, 1025 (N.D. Cal.2010) (quoting View Eng'g, Inc. v. Robotic Vision Sys., Inc., 208 F.3d 981, 986 (Fed. Cir. 2000)); see also Blue Spike, LLC v. Adobe Sys., Inc., No. 14-CV-01647-YGR JSC, 2015 WL 335842, at *4 (N.D. Cal. Jan. 26, 2015). While "[i]nfringement contentions serve as substitutes for interrogatories, [ ] they also act as forms of pleading that disclose the parties' theories of their case and thereby shape discovery and the issues to be determined at trial." Apple Inc. v. Samsung Electronics Co., No. 12-CV-0630-LHK PSG, 2013 WL 3246094, at *3 (N.D. Cal. June 26, 2013). "Parties accordingly need not 'prove up' their theories by providing evidence beyond the material they have at the time they make their contentions." Id.; see also AntiCancer, Inc. v. Pfizer, Inc., 769 F.3d 1323, 1338 (Fed. Cir. 2014) (a patentee's infringement contentions "do not need to include proof or direct evidence of infringement"). The dispositive inquiry in a motion to strike is thus whether the allegedly undisclosed "theory" is in fact a new theory or new element of the accused product alleged to practice a particular claim that was not previously identified in the plaintiff's contentions, or whether the "theory" is instead the identification of additional evidentiary proof showing that the accused element did in fact practice the limitation. Oracle Am., Inc. v. Google Inc., No. C 10-03561 WHA, 2011 WL 4479305, at *3 (N.D. Cal. Sept. 26, 2011); see also Genentech, 2012 WL 424985, at *2. If the theory is new, prejudice is "inherent in the assertion of a new theory after discovery has closed." Adobe Sys. Inc. v. Wowza Media Sys., No. 11-CV-02243-JST, 2014 WL 709865, at *15 n.7 (N.D. Cal. Feb. 23, 2014).

A "party may not use an expert report to introduce new infringement theories, new infringing instrumentalities, new invalidity theories, or new prior art references not disclosed in the parties' infringement contentions or invalidity contentions." ASUS Comp. Int'l v. Round Rock Research, LLC, No. 12-CV-02099-JST, 2014 WL 1463609, at *1 (N.D. Cal. Apr. 11, 2014).

DISCUSSION

Symantec argues Finjan disclosed new infringement contentions for the first time in Finjan's expert reports and that these new infringement contentions fall into three categories: (1) products that were never identified as infringing in Finjan's Rule 3-1(b) disclosure or discussed in Finjan's claim charts, (2) technologies that were not identified in Finjan's infringement contentions, and (3) theories of infringement that were never disclosed in Finjan's infringement contentions. Because Symantec contends it was not permitted to develop a full record as to these previous undisclosed theories or the opportunity to investigate Finjan's new contentions, it asks the Court to strike the products and technologies.

As a preliminary matter, the Court notes that Symantec asserts that the "Symantec Protection Engine" product appears in Dr. Medvidovic's report as infringing the '996 and '154 patents but Finjan did not list this product in its Patent Local Rule 3-1(b) disclosures. However, Finjan concedes it does not allege "Symantec Protection Engine" infringes the '996 and '154 patents. (Dkt. No. 311 at 10:2-4.) Therefore, Symantec's request is moot and the Court need not rule on this issue. The Court shall proceed to review Symantec's remaining challenges.

I. Symantec's Motion to Strike

A. Products

1. Norton Security Products under the '844 and '926 Patents

Symantec contends Finjan's expert report identifies the Norton Antivirus, Norton 360, and Norton Internet Security, among others, as products infringing the '844 and '926 patents but that its infringement contentions did not identify these products as infringing the '844 or '926 patents. Symantec therefore moves to strike the expert's references to these products in connection with the '844 and '926 patents on the grounds that they were not in Finjan's Patent Local Rule 3-1(b) disclosure for the '844 and '926 patents nor identified in any claim chart for these patents.

After much back and forth at oral argument, it was agreed that Finjan is not accusing the separate Norton Antivirus, Norton 360, and Norton Internet Security products as they existed before they were combined into the Norton Security product. Finjan clarified that its experts discuss these products in connection with the '844 and '926 patents to explain why the Norton Security product infringes, but that it is not separately accusing the uncombined Norton Antivirus, Norton 360, and Norton Internet products. With this understanding, Symantec's motion on this issue is denied as moot.

2. Symantec Endpoint Protection Small Business Products under the '844

Symantec contends that Finjan's infringement contentions did not identify the Endpoint Protection Small Business product as an accused product for the '844 patent in Finjan's infringement contentions. Finjan argues that the product it did identify--"Symantec Endpoint Protection.Cloud"--is an alternative name for the same product. At oral argument Symantec conceded the Small Business product is technically the same product but with a different name. The Court therefore denies Symantec's motion.

3. SEP. Cloud Product under the '494 Patent

Symantec next argues that Finjan did not disclose in its infringement contentions that "Symantec Endpoint Protection" infringes the '494 patent (Dkt. No. 300-7 at 7:18-8:6), yet Finjan's expert Dr. Cole opined that "Endpoint Protection.Cloud" and "Endpoint Protection with ATP" infringe the asserted claims of the '494 patent. (Dkt. No. 301-4 at 11.) Symantec asserts that Endpoint Protection.Cloud, which is asserted in Finjan's infringement contentions, is a different product from Symantec Endpoint Protection.

Oral argument again helped clarify the parties' positions. Finjan stated on the record that it is only accusing the cloud Endpoint Protection product and not non-cloud based Endpoint Protection. Thus, Dr. Cole's discussion should be read as referring to Endpoint Protection cloud version with ATP. With this clarification, Symantec's motion on this issue is denied as moot.

4. ATP:Email under the '289 and '926 Patent

Symantec argues Dr. Mitzenmacher's opinion that ATP:Email infringes the '289 and '926 patents is improper because the product was not released until a year after Finjan's infringement contentions were served. The Court agrees. "ATP:Email" is not listed as an infringing product under the '289 or '926 patents. (Dkt. No. 300-7 at 5-6.)

Finjan's arguments that (1) it identified ATP:Email as infringing by relying on Symantec's white paper discussing "Link Altering" and (2) that Finjan properly identified ATP:Email in its infringement contentions by describing how Email Security.Cloud with the ATP add-on infringed both patents are unpersuasive because the local rules do not permit parties to identify accused products with categorical or functional identifications. Geovector, 2017 WL 76950, at *4. Further, Finjan may not accuse a product that is not released because Symantec cannot be "expected to defend against claims of infringement for products it has not produced yet." See InterTrust Technologies Corp., 2003 WL 23120174 at *2. Accordingly, Symantec's request to strike ATP:Email from Dr. Mitzenmacher's report is GRANTED.

5. MutantX Product under the '844 and '494 Patents

Symantec asserts that Dr. Cole's report includes infringement contentions regarding the MutantX product for the '844 and '494 patents that were not disclosed in Finjan's infringement contentions. (Dkt. No. 304 at 13:26-27.) Not so. Finjan listed the exact product, MutantX, in its infringement contentions for both the '844 and '494 patents. (Dkt. No. 300-7 at 5:16 and 8:3.)

However, Symantec further argues that Finjan's infringement theory for MutantX was limited to the product working in combination with other products, but Dr. Cole's report asserts that MutantX infringes Finjan's patents as a standalone product. At oral argument Finjan clarified that it is not claiming that MutantX infringes the '844 and '494 patents standing alone. With this representation, Symantec's motion on this issue is denied as moot.

B. Technologies

1. Symantec Anti-Virus Engine, Matrix, Sapient, MCPP, and MalHeur

Symantec argues that Finjan's expert reports identify Symantec Antivirus Engine ("AVE" or "AV Engine") and four AVE subcomponents, Matrix, MalHuer, Sapient, and MCPP, as meeting several claim limitations but that Finjan did not identify AVE or its subcomponents in its infringement contentions. After a review of Finjan's infringement contentions, the Court agrees that AVE, AV Engine, or Symantec Antivirus Engine and its subcomponents do not appear in Finjan's infringement contentions. (See Dkt. No. 300-7.)

Finjan argues it identified the antivirus engine throughout it infringement contentions because it serves "as the core of Symantec's malware scanning technology and is used to scan content to determine if it is suspicious." Finjan asserts it identified the antivirus engine because it identified "file based malware scanning engine as infringing" and provides a citation in its claim charts to Symantec's "Next Generation anti-malware engine" as an example. Finjan urges the "SAPE" detections are reflected in its charts which are processed as part of AVE. While Finjan does identify "Next Generation anti-malware engine" and "SAPE" in its claim charts (Appendix A-1, Dkt. No. 310-19 at 3, 9), the Court will not assume these terms are references to "AV Engine" or "AVE" as such an assumption is barred by the Patent Local Rules. Further, Finjan actually identified "Next Generation Anti-Malware Engine" as something different from the antivirus engine product, namely, Symantec Protection Engine, in its claim charts. (Dkt. No. 310-19 at 4, 6.) Finjan is required to provide a chart "identifying specifically where and how each limitation of each asserted claim is found within each Accused Instrumentality." Patent Local Rule 3-1(c). Neither the Court nor Symantec should be required to guess which aspects of the accused products allegedly infringe each claim element. See Proofpoint, 2015 WL 1517920, at *7. The Court sees no reason why Finjan could not specifically identify the AVE or AV Engine or any of the subcomponents.

Finjan argues Symantec has hundreds of constantly changing acronyms and code names for its technologies and Finjan is not obligated to use specific codes names for AVE, MCPP, Sapient, MalHuer, and Matrix. However, Finjan fails to cite any authority to support this position. Further, in Symantec's reply brief Symantec notes that Finjan litigated the Matrix and Malheur technologies in a previous Delaware case. Finjan was on notice that these subcomponents form part of AVE, and therefore Finjan could have listed them individually. Finjan responds that the Matrix technology today is different from the technology at the time of the Delaware litigation, that it did not learn that the Matrix technology had been rewritten until the review of "millions of pages of technical documents," and it did not need to supplement its infringement contentions once it learned of this information because it had identified "Javascript detection techniques" which are implemented in the Symantec's "antivirus engine utilizing the Matrix subcomponent." Finjan, however, provides no authority to support its argument that it did not need to supplement its infringement contentions in this scenario, nor does Finjan explain how "Javascript detection techniques" are sufficient to identify the "Matrix subcomponent." As discussed above, vague references without explanation or specificity fail under the Patent Local Rules.

Finjan further argues that it disclosed the static heuristic detection in Sapient and MalHeur as infringing in its infringement contentions because it disclosed SAPE which is the same underlying technology as Sapient and MalHuer and therefore Symantec cannot argue these technologies are different in their operation. However, Finjan's own expert states that the SAPE technology is slightly different from the Sapient technology. (Dkt. No. 322-37 at 3:26-4:6.) Finjan's expert also clarifies that "Sapient is an offshoot of SAPE....and currently accounts for 40% of blocks with Symantec's products." (Id. at 3:22-24.) Therefore, Finjan's argument that SAPE is virtually the same technology as Sapient and MalHeur is unpersuasive.

Given that AVE and its subcomponents do not appear in Finjan's infringement contentions, the Court GRANTS Symantec's request to strike these technologies from Finjan's expert reports.

2. Skeptic

Symantec argues that both of Finjan's expert reports refer to Skeptic, but this technology was not included in Finjan's infringement contentions for the '844, '494, or '926 patents. These technologies do appear in Finjan's contentions for the '289 and '154 patents.

Finjan does not dispute that it did not identify Skeptic for the '844, '494, or '926 patents, but instead argues that it disclosed "Link Following" which is part of Skeptic and only used in conjunction with Skeptic. Symantec responds that it does not move to strike the term Link Following, but rather asserts that Finjan's summary of the Skeptic technology is wrong as Skeptic and Link Following are two separate technologies. Symantec cites to the deposition of Mr. Steve White, who testified "Skeptic is a standalone product" and "Link Following is a separate product." (Dkt. No. 322-23 at 3 - pg. 25:4-7.) Given this expert's testimony, Finjan's argument that Skeptic is the same product as Link Following is unpersuasive.

Finjan also provides an "Antivirus" screenshot image arguing it is a depiction of Skeptic Link Following. But argument is all it is; there is nothing in the image or in the record to support that assertion. Therefore, Finjan's argument regarding the screenshot is also unpersuasive.

Accordingly, the Court GRANTS Symantec's motion to strike the references to Skeptic technology from Finjan's expert reports to the extent the reports discuss the Skeptic technology as infringing on the '844, '494, or '926 patents.

3. Total Cloud Protection for the '844 and '494 Patents

Symantec asks the Court to strike the "Total Cloud Protection" technology from Finjan's expert reports for the '844 and '494 patents as it was not mentioned in Finjan's infringement contentions.

Finjan argues it identified "cloud scanning" which is the same thing as what Symantec refers to as "Total Cloud Protection." However, is unclear how the two products are the same and Finjan offers no explanation. Finjan also asserts that "Next Generation anti-malware engine" includes the technology developed by the Total Cloud Protection Code because this anti-malware engine relies on Norton's cloud. Again, as the Court discussed above, the ambiguity of the categorical identification of "Next Generation anti-malware engine" does not meet the requirements under Patent Local Rule 3-1(b). See Geovector Corporation, 2017 WL 76950, at *4 (concluding "Rule 3-1(b) does not permit parties to identify accused products by using categorical or functional identifications, or limited, representative examples."). Finjan cites to a document that describes the technology entitled "Total Cloud Protection Solution Document" and asserts that the description it provided in the infringement contentions matches the document description. (Dkt. No. 310-67.) As Symantec notes, however, this document was produced over two years ago in April 2015. (See Dkt. No. 321-28.) As such, Finjan had over two years to amend its contentions to provide the identification of the specific product.

Accordingly, the Court GRANTS Symantec's request to strike the "Total Cloud Protection" technology from Finjan's expert reports for the '844 and '494 patents.

4. New Databases for the '494 and '926 Patents

Symantec argues the DCL, SymEFA, Skeptic Thinks, and RIAK databases identified in Dr. Cole's report and the SymEFA and Skeptic Thinks databases in Dr. Mitzenmacher report were not disclosed in Finjan's infringement contentions and therefore must be stricken.

Finjan concedes that it did not specifically identify these databases by name but that it sufficiently identified them for the purposes of its infringement contentions "by describing their operation." Finjan urges the Court to focus on the substance of its infringement contentions rather than "word matching." However it is this "word matching" that is required when a party can name a product or technology with specificity. See Patent Local Rule 3-1(b). Further, Finjan specified certain databases as performing the various limitations its experts now claim other databases perform. For example, Finjan identified DMAS DB, Hbase databse, SRDB, SDAP DB, ANL Databases, HydraDB, Attack Correlation Database, Exposure Databse, MutantX DB, SPANC, InsightStat, ACDB, SRDB databases for the storing limitation of the '494 patent and the retrieving limitation of the '926 patent. (Dkt. Nos. 322-41 at 3-6 - the '494 patent; 322-43 at 3-4 and 8 - the '926 patent.) Finjan is now barred from changing its theory by claiming different databases perform these same limitations under the '494 and '926 patents. See ASUS Computer Int'l v. Round Rock Research LLC, 2014 WL 1463609, at *4 (N.D. Cal. Apr. 11, 2014).

Accordingly, the Court GRANTS Symantec's request to strike the DCL, SymEFA, Skeptic Thinks, and RIAK databases identified in Dr. Cole's report and the SymEFA and Skeptic Thinks databases in Dr. Mitzenmacher's report.

5. Components for the '996 Patent

Symantec argues that Dr. Mitzenmacher's expert report goes well beyond the contentions Finjan disclosed regarding the infringement of the '966 patent. Specifically, Symantec argues the following technologies are missing from Finjan's infringement contentions but are found in Dr. Mitzenmacher's report: SEPM SQL Database, JDBC/ODBC, LDAP Directory server, JNDI, Email Server, SMTP, Kaseya Server/Agent/Plugin, SDK, Remote Management APIs, and Host Integrity policies, Secars, Secregs, SesmuLUObjects, HTTP Handler, Tomcat JVM and Apache Server, SMC Agent, SylinkDrop, and Sylink.xml.

Finjan responds that several of these technologies are "well known" to be part of or related to another technology or functionality that Finjan included in its disclosures. However, Finjan provides no declaration, evidence, or expert testimony that these technologies are well known or well understood.

Finjan further argues Symantec's complaints are based on its misapprehension of the claim language because "management servers" are part of the claim language, not part of the accused system. Finjan refers to Judge's Gilliam's claim construction order to argue there is no specific requirement of a "non-HTTP protocol" as part of the claim language. In the claim construction order discussion of "non-HTTP Management Data" the district court concluded that construction of the term is not necessary because a person skilled in the term would recognize its plain and ordinary meaning. (Dkt. No. 170 at 23:25-28.) However, at issue here is not the definition of the claim language for "non-HTTP Management Data" but whether Finjan identified certain technologies in its infringement contentions that Mr. Mitzenmacher discusses in his report. Finjan's identification of management servers with which the network gateway can communicate is insufficient under the Patent Local Rules which require Finjan to serve a disclosure of asserted claims and infringement contentions that addresses "[s]eparately for each asserted claim, each accused apparatus, product, device, process, method, act, or other instrumentality" with specificity. Patent L.R. 3—1(b). Finjan failed to meet the specificity requirement by identifying the management servers rather than the individual technologies.

Accordingly, the Court GRANTS Symantec's request to strike the following technologies in Dr. Mitzenmacher's report: SEPM SQL Database, JDBC/ODBC, LDAP Directory server, JNDI, Email Server, SMTP, Kaseya Server/Agent/Plugin, SDK, Remote Management APIs, and Host Integrity policies, Secars, Secregs, SesmuLUObjects, HTTP Handler, Tomcat JVM and Apache Server, SMC Agent, SylinkDrop, and Sylink.xml in connection with the '996 patent.

C. Theories

1. "Dynamically Updating" under the '299 and '182 Patents

Symantec argues that Dr. Cole relies on undisclosed theories with respect to the dynamically updating limitations in the '299 and '182 patents.

For the '299 patent, Dr. Cole opines: "The search results and the warning of potential risk are dynamically updated in two instances: (1) when the user hovers the mouse over the badge and dynamically updates the combined search and security risks, and (2) when the user clicks on to the next page of search results." (Dkt. No. 301-16 at 4:10-14.)

For the '182 patent, Dr. Cole opines: "The client computer dynamically updates: (1) when the user hovers the mouse over the badge, (2) when the user clicks the link in a popup, such on updating the icons as the search results are received as the "Full Report Button," that is dynamically generated after hovering the mouse over the badge, or (3) when the user clicks on to the next page of search results." (Id. at 7:25-8:2.)

Symantec argues that these theories are not the same theory Finjan offered in its contentions regarding the generation of security icons next to search result URLs:

Norton Products meet the recited claim language because Norton Products generate security icons next to search result URLs, in real time, to different levels of security such as safe, unsafe, untested, and secure or color variation of red, orange, green, and grey. The icons are updated when Norton Products receive the results of Symantec's web content scanning engines, to identify security risks such as phishing sites, malicious downloads, browser exploits, drive by downloads, and links to unsafe external sites.

(Dkt. No. 300-19 at 4.) Finjan's contentions sufficiently state that the icons update when they receive the results of Symantec's web content and when a user moves a mouse over the Norton icon. (Dkt. No. 310-71 at 3-4.) Finjan's infringement contentions, however, do not disclose that the dynamically updating limitation is met when "the user clicks on to the next page of search results" as Dr. Cole opines in his report. (Compare Dkt. No. 310-71 at 3-4 with Dkt. No. 301-16 at 4:10-14.)

Accordingly, the Court GRANTS Symantec's request to strike Dr. Cole's undisclosed theory with respect to "when the user clicks on to the next page of search results" as dynamically updating under the '299 and '182 patents.

2. Finjan's Doctrine of Equivalent Contentions

Symantec argues Finjan's DOE supplement adds the following products that were not previously identified in Finjan's infringement contentions:

• Appendix A-1: Norton Internet Security, Norton 360, Norton Antivirus, Norton Antivirus Basic, Norton One, and Norton 360 Multiple device. (Compare Dkt. No. 300-3 at 9 with Dkt. No. 301-12 at 3)

• Appendix A-5: Symantec Hosted Endpoint Protection, SAP Anywhere, and Symantec Endpoint Protection Small Business Edition (Compare Dkt. No. 300-5 at 11 with Dkt. No. 301-12 at 16)

• Appendix B-1: Norton 360, Norton Internet Security, and Norton Antivirus (Compare Dkt. No. 300-9 at 3 with Dkt. No. 301-12 at 30)

• Appendix H-4: Symantec Hosted Endpoint Protection, SAP Anywhere, and Symantec Endpoint Protection Small Business Edition (Compare Dkt. No. 300-8 at 9 with Dkt. No. 301-12 at 49)

After comparing Finjan's contentions with the recent DOE supplement, the Court agrees that the DOE supplement contains products that do not appear in Finjan's claim charts. Finjan's response that these changes are mere clarifications provides no explanation why entirely new products are named. Accordingly, the new products listed in the DOE supplements under Appendix, A-1, A-5, B-1, and H-4 are stricken.

Symantec also argues that Finjan changed its contentions with respect to the '289 patent. The DOE contentions that Finjan sought leave to serve stated "Symantec Products perform the same function because they modify content that they receive to replace a call to an original function, like a request to process HTTP request, with a substitute function as a call to an engine, such as the AVE Engine or the NDC, for scanning." (Dkt. No. 301-14 at 7.) The new supplement, however, states "Cloud Products perform the same function because they modify content that they receive to replace a call to an original function, like a request to process HTTP request, with a substitute function as a call to an engine, such as Link Following-Skeptic, for scanning." (Dkt. No. 301-12 at 39.) The Court did not grant Finjan leave to make substantive edits to its DOE contentions. Therefore, this change in theory under the '289 patent is stricken.

II. Motion to File Under Seal

Symantec moves to file under seal Exhibits 5, 9, 12, 15, 16, 19, 23, 25, and 30 attached to its motion to strike and Exhibits 33-43, 45, 46, 50-54, 56, 57, 59-61 to the Cassidy Declaration, and Exhibit 1 to the Ekstrand Declaration. (Dkt. Nos. 301, 322.) Finjan moves to file under seal portions of its opposition brief, as well as Exhibits 1, 2, 5-14, 16, 18, 20, 21, and 23. (Dkt. No. 310.) Symantec submitted a declaration in support of Finjan's motion to file under seal requesting the Court seal the documents Finjan identified as well as Exhibits 24-26, page 8 of 27, 28, 30-38, 42, and 43 to Finjan's opposition. (Dkt. No. 315.) Symantec also narrowed the sections of Finjan's opposition brief that should be filed under seal to pages 19:12-20:10, 20:15-18, and 21:5-23:3. (Compare Dkt. No. 310 at 2 — Finjan's motion to seal and Dkt. No. 315 at 2:9-11-Symantec's Decl. in Support of Finjan's motion to seal.) Symantec states that the remainder of the Finjan's opposition may be filed publicly. (Dkt. No. 315 at 2:12.)

Given the confidential business information in these documents and the competitive harm that could result from the disclosure of this confidential information the Court concludes that sealing is warranted and GRANTS both Symantec's and Finjan's motions. See Nixon v. Warner Commc'ns, Inc., 435 U.S. 589, 598-99 (1978); Music Grp. Macao Commercial Offshore Ltd. v. Foote, 2015 WL 3993147, at *7 (N.D. Cal. Jun. 30, 2015). The sections of Finjan's opposition filed under seal are the narrowed sections identified in Symantec's declaration. (See Dkt. No. 315 at 2:9-11.)

CONCLUSION

For the reasons described above, Symantec's motion to strike portions of Finjan's expert reports is GRANTED in part and DENIED in part.

The Court DENIES Symantec's motion to strike the following language:

1. Norton Antivirus, Norton 360, and Norton Internet Security as products infringing the '844 and '926 patents,

2. Endpoint Protection Small Business as a product infringing the '844 patent,

3. Symantec Endpoint Protection as a product infringing the '494 patent,

4. MutantX, standing alone, as a product infringing the '844 and '494 patents, and

5. Dr. Cole's theories with respect to the dynamically updating limitations in the '299 and '182 patents by a user moving a mouse over a Norton badge or when the user clicks the link in a pop-up.

Symantec's request to strike the remaining sections of Finjan's expert reports is GRANTED. Symantec's and Finjan's motions to seal are also GRANTED.

This Order disposes of Docket Nos. 301, 304, 310, 315, and 322.

IT IS SO ORDERED. Dated: January 29, 2018

/s/_________

JACQUELINE SCOTT CORLEY

United States Magistrate Judge