
Finjan, Inc. v. Qualys Inc.

UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA
Jun 11, 2020
CASE NO. 4:18-cv-07229-YGR (N.D. Cal. Jun. 11, 2020)

Opinion

FINJAN, INC. Plaintiff, v. QUALYS INC., Defendant.


CLAIM CONSTRUCTION ORDER

Re: Dkt. Nos. 42, 65

Plaintiff Finjan, Inc. ("Finjan") brings this patent infringement action against Defendant Qualys Inc. ("Qualys"), alleging that Qualys infringes U.S. Patent Nos. 8,677,494 (the "'494 Patent"), 6,154,844 (the "'844 Patent"), 8,141,154 (the "'154 Patent"), 6,965,968 (the "'968 Patent"), 7,418,731 (the "'731 Patent"), 7,975,305 (the "'305 Patent"), and 8,225,408 (the "'408 Patent"). Now before the Court are the parties' claim construction disputes. A technology tutorial was held on May 22, 2020.

Having carefully considered the papers submitted, the parties' arguments presented at the May 27, 2020 claim construction hearing, and the pleadings in this action, and for the reasons set forth below, the Court hereby adopts the constructions set forth herein.

I. BACKGROUND

Finjan asserts seven patents. Although each patent has different claims and specification, several of the patents are related. Specifically, the '844, '731, '305, '408, '494 Patents are continuations-in-part of the same parent application: No. 08/694,388. All of the patents relate generally to computer network security, most commonly at the network gateway. (See '494 Patent at 1:60-63; '844 Patent at 1:23-26; '154 Patent at 1:7-9; '968 Patent at 1:63-67, 2:12-16; '731 Patent at 1:20-21; '305 Patent at 1:24-25; '408 Patent at 1:19-20.)

Because these patents are related, their common claim terms are interpreted consistently across patents unless distinctions are "necessary." NTP, Inc. v. Res. In Motion, Ltd., 418 F.3d 1282, 1293 (Fed. Cir. 2005), abrogated on other grounds as stated in IRIS Corp. v. Japan Airlines Corp., 769 F.3d 1359, 1361 n.1 (Fed. Cir. 2014).

Figure 1 of the '408 Patent illustrates the basic architecture common to several patents below. A network gateway (or "gateway computer") "acts as a conduit for content from the Internet entering into a corporate intranet, and for content from the corporate intranet exiting to the Internet." ('408 Patent at 3:62-67.) The gateway contains a scanner that inspects incoming content to identify malicious code (e.g., viruses). (Id. at 4:54-56.) The scanner uses security policies to decide whether to block incoming content—for example, blocking "severely malicious" content but allowing "less malicious" content. (Id. at 4:53-5:2.) The intranet is also coupled to a cache that stores content to avoid re-retrieval and re-scanning. (Id. at 5:10-15.) The Court addresses patent-specific implementations in the body of this Order.


II. LEGAL PRINCIPLES

Claim construction is a question of law for the court. Markman v. Westview Instruments, Inc., 517 U.S. 370, 384 (1996). "The purpose of claim construction is to determine the meaning and scope of the patent claims asserted to be infringed." O2 Micro Int'l Ltd. v. Beyond Innovation Tech. Co., 521 F.3d 1351, 1360 (Fed. Cir. 2008). "When the parties raise an actual dispute regarding the proper scope of the[] claims, the court, not the jury, must resolve the dispute." Id. However, claim construction needs only "resolve the controversy"; it is not "an obligatory exercise in redundancy" where no dispute exists. See id. at 1361-62; U.S. Surgical Corp. v. Ethicon, Inc., 103 F.3d 1554, 1568 (Fed. Cir. 1997).

A. The Ordinary Meaning Construction

Claim terms are generally given the "ordinary and customary meaning" that they would have to a person of ordinary skill in the art at the time of the invention. Phillips v. AWH Corp., 415 F.3d 1303, 1312-13 (Fed. Cir. 2005) (en banc). The ordinary and customary meaning is not the meaning of the claim term in the abstract. Id. at 1321. Rather, it is "the meaning to the ordinary artisan after reading the entire patent." Id.; see also Trs. of Columbia U. v. Symantec Corp., 811 F.3d 1359, 1364 (Fed. Cir. 2016) ("The only meaning that matters in claim construction is the meaning in the context of the patent.").

To determine the ordinary meaning, the court examines the claims, specification, and prosecution history of the patent, which form the "intrinsic evidence" for claim construction. Phillips, 415 F.3d at 1313; Vitronics Corp. v. Conceptronic, Inc., 90 F.3d 1576, 1582 (Fed. Cir. 1996). "[T]he context in which a term is used in the asserted claim can be highly instructive." Phillips, 415 F.3d at 1314. Additionally, "[d]ifferences among claims can also be a useful guide in understanding the meaning of particular claim terms." Id. However, a person of ordinary skill in the art is "deemed to read the claim term not only in the context of the particular claim in which the disputed term appears, but in the context of the entire patent, including the specification." Id. at 1313. The specification "is always highly relevant to the claim construction analysis" and usually "dispositive." Id. at 1315 (quoting Vitronics, 90 F.3d at 1582). Nevertheless, it is improper to limit the claimed invention to the preferred embodiments or to import limitations from the specification unless the patentee has demonstrated a clear intent to limit claim scope. Martek Biosci. Corp. v. Nutrinova, Inc., 579 F.3d 1363, 1380-81 (Fed. Cir. 2009).

In addition to the claims and specification, the prosecution history may be used "to provide[] evidence of how the PTO and the inventor understood the patent." Phillips, 415 F.3d at 1317. "Any explanation, elaboration, or qualification presented by the inventor during patent examination is relevant, for the role of claim construction is to 'capture the scope of the actual invention' that is disclosed, described and patented." Fenner Inv., Ltd. v. Cellco P'ship, 778 F.3d 1320, 1323 (Fed. Cir. 2015). Finally, a court may consider extrinsic evidence—such as dictionaries, inventor testimony, and expert opinion—if it is helpful. Phillips, 415 F.3d at 1319. However, extrinsic evidence "is unlikely to result in a reliable interpretation of patent claim scope unless considered in the context of the intrinsic evidence." Id.

There are two exceptions to the ordinary meaning construction: "1) when a patentee sets out a definition and acts as his own lexicographer," and "2) when the patentee disavows the full scope of a claim term either in the specification or during prosecution." Thorner v. Sony Comp. Entm't Am. LLC, 669 F.3d 1362, 1365 (Fed. Cir. 2012) (citing Vitronics, 90 F.3d at 1580). To act as a lexicographer, the patentee "must 'clearly set forth a definition of the disputed claim term' other than its plain and ordinary meaning." Id. (quoting CCS Fitness, Inc. v. Brunswick Corp., 288 F.3d 1359, 1366 (Fed. Cir. 2002)). To disavow claim scope, the specification or prosecution history must "make[] clear that the invention does not include a particular feature" even though the language of the claims "might be considered broad enough to encompass the feature in question." Id. at 1366 (quoting SciMed Life Sys., Inc. v. Adv. Cardiovascular Sys., Inc., 242 F.3d 1337, 1341 (Fed. Cir. 2001)).

B. Means-Plus-Function Terms

Under 35 U.S.C. § 112 ¶ 6, a patentee may express claim terms as means or steps for performing a specified function "without the recital of structure, material, or acts in support thereof." Such means-plus-function claims must be construed "to cover the corresponding structure, material, or acts described in the specification and equivalents thereof." 35 U.S.C. § 112 ¶ 6. To construe means-plus-function claims, the court must first determine if Section 112 paragraph 6 applies. Williamson v. Citrix Online, LLC, 792 F.3d 1339, 1348 (Fed. Cir. 2015). Generally, the use of the term "means" creates a presumption that it does. See id. at 1349. The absence of the term "means" creates the opposite presumption. Id. A party may overcome the presumption by showing that the claims recite (or do not recite) "sufficiently definite structure" to adequately perform the claimed function. Id.

If means-plus-function applies, the court engages in a two-step inquiry to construe the claims: first, "[t]he court must identify the claimed function," and second, "the court must determine what structure, if any, disclosed in the specification corresponds to the claimed function." Id. at 1351. A structure corresponds to the claimed function if "the specification or prosecution history clearly links or associates that structure to the function recited in the claim." Noah Sys., Inc. v. Intuit Inc., 675 F.3d 1302, 1311 (Fed. Cir. 2012) (quoting B. Braun Med., Inc. v. Abbott Labs., 124 F.3d 1419, 1424 (Fed. Cir. 1997)). The structure must be adequate to perform the function; if the intrinsic evidence fails to disclose adequate corresponding structure, the claim is indefinite. Id.

III. CLAIM CONSTRUCTION

A. Disputed Terms in the '408 Patent

By way of background, the '408 Patent is directed to scanning network content for exploits (e.g., viruses). ('408 Patent at 1:19-20.) Unlike traditional anti-virus software, which focuses on discrete "signatures" of viruses, the '408 Patent focuses on patterns of tokens indicating exploits. (Id. at 1:34-55.) It does so using adaptive rule-based (ARB) scanners. (Id. at 1:65-66.) Each ARB scanner may contain three modules: (1) a tokenizer, (2) a parser, and (3) an analyzer. (Id. at 2:35-46, Fig. 2.) The tokenizer receives incoming source material and identifies specific "tokens"—lexical constructs such as keywords or names for variables. (Id. at 6:51-59.) The parser creates a tree out of the tokens to identify groups of tokens that form a pattern. (Id. at 8:18-28.) Finally, the analyzer uses a set of rules to identify which patterns indicate exploits. (Id. at 9:19-21.)

1. "instantiating, by the computer, a scanner for the specific programming language"

Finjan's Proposed Construction: No construction necessary - Plain and ordinary meaning

Qualys' Proposed Construction: substituting specific data, instructions, or both into a scanner to make it usable for scanning the programming language

Court's Construction: generating or requesting a scanner that can scan the programming language by providing a generic scanner instance with language-specific data, rules, or both

The term "instantiating, by the computer, a scanner for the specific programming language" appears in asserted claim 1 and unasserted claim 22 of the '408 Patent. Claims 1 and 22 recite methods that involve first determining the programming language of an incoming stream of program code and then instantiating a scanner "comprising parser rules and analyzer rules for the specific programming language" in response to the aforementioned determining. ('408 Patent at claims 1, 22; see also id. at claim 9 (claim reciting a "scanner instantiator" that performs the instantiating step).)

The parties' dispute stems from an unclear relationship between two parts of the specification. On the one hand, the specification states that "[t]he content scanners of the present invention are referred to as adaptive rule-based (ARB) scanners." ('408 Patent at 1:65-66; see also id. at 6:35-40.) ARB scanners differ from other types of scanner because they are not "hard-coded for one particular type of content," but can instead be "enabled to scan any specific type of content by providing appropriate rule files, without the need to modify source code." ('408 Patent at 1:66-2:6.) Thus, in ARB scanners, "[r]ules files" for a particular language "serve as adaptors, to adapt an ARB content scanner to a specific type of content." (Id. at 2:14-15; see also id. at 6:17-20 ("An ARB scanner system is preferably designed as a generic architecture that is language-independent, and is customized for a specific language through use of a set of language-specific rules."), 6:35-40 ("[T]he present invention provides a flexible content scanning method and system, which can be adapted to any language by means of a set of rules.").) These disclosures describe the "present invention" and suggest that the claimed "instantiating" does not require creating new scanners for different languages. Rather, the same scanner can be adapted to different programming languages simply by substituting new rules files. Qualys thus proposes construing this limitation as "substituting specific data, instructions, or both into a scanner to make it usable for scanning the programming language."

Qualys' proposed construction stems from the IPR proceedings for the '408 Patent. The Court takes sua sponte notice of those proceedings. There, the U.S. Patent and Trial Appeals Board ("PTAB") rejected both parties' proposed constructions—which were similar to Finjan's—because they were broader than the specification allows. Palo Alto Networks, Inc. v. Finjan, Inc., Nos. IPR2015-02001, IPR2016-00157, Paper 10 at 10-12 (PTAB Mar. 29, 2016). Instead, it adopted a dictionary definition based on "substituting," which was closer to the specification. Id. (citing '408 Patent at 15:30-34.) Although the PTAB applies a different claim construction standard than the district courts, the PTAB's standard is broader than the Phillips standard. Accordingly, the PTAB's finding that even under the broadest reasonable interpretation, Finjan's construction is too broad has persuasive value.

On the other hand, the specification also describes an embodiment where a "scanner factory module" creates an ARB scanner repository containing a "multitude of content scanners," one for each possible language. (See id. at 14:65-15:67.) In this embodiment, rules files for different languages are combined into an "archive file." (Id. at 15:5-14.) An "ARB scanner factory module" then uses the archive file to instantiate a scanner repository that "produces a single instance of each ARB scanner defined in the archive file." (Id. at 15:15-33.) For example, Figure 6 shows a scanner repository containing an HTML scanner, a JavaScript scanner, and a URI scanner. (Id. at Fig. 6; see also id. at 15:39-41, Fig. 7.) When the client device downloads content from the Internet, the computer requests an appropriate scanner from the ARB scanner factory to process the content. (Id. at 15:49-63.) This embodiment suggests that new instances of a scanner really are created for different languages by the "ARB scanner factory." Finjan thus proposes construing the term according to its "plain and ordinary meaning," which online dictionaries define as "the realization of a predefined object" in which "a class of object is defined" and "[a]n instance of that object may then be declared."

The differing treatment in the specification has led different courts to adopt different constructions for this term. In Finjan, Inc. v. Rapid7, Inc., Judge Noreika in the District of Delaware adopted Finjan's plain meaning construction of "instantiating" as "generating or requesting a scanner that can scan the specific programming language," citing the column 15 disclosure that "[a]n advantage of the present invention is the ability to generate . . . a multitude of content scanners within a unified framework." No. 18-1519 (MN), 2020 WL 565377, at **12-13 (D. Del. Feb. 5, 2020) (citing '408 Patent at 15:56-58). But in Finjan, Inc. v. Sonicwall, Inc., Judge Freeman in this District adopted Qualys' construction, relying on the disclosures that ARB scanners adapt to different languages through rules files. No. 17-cv-04467-BLF, 2019 WL 1369938, at **15-17 (N.D. Cal. Mar. 26, 2019) (citing '408 Patent at 1:65-2:24, 6:17-20). Both parties argue that their preferred decision is entitled to deference, but neither substantively addresses the other court's construction.

Despite the differing treatment, a thorough analysis reveals no real tension between the constructions. The "scanner factory module" embodiment makes clear that the "factory" instantiates different ARB scanners using the "archive file" that contains rules for different languages. Read in conjunction with the column three and six disclosures, the ARB scanner factory instantiates the ARB scanner repository by creating generic ARB scanners and then substituting (or inputting) language-specific rules from the archive file. Accordingly, both parties are correct. Finjan is correct in that the '408 Patent uses "instantiating" according to its ordinary meaning of creating a specific instance of a scanner based on a pre-defined template. And Qualys is correct that the descriptions of the "present invention" limit the way in which scanners are instantiated by requiring the ARB scanner to remain the same while language-specific rules are input to adapt to different content. See Verizon Serv. Corp. v. Vonage Holdings Corp., 503 F.3d 1295, 1308 (Fed. Cir. 2007) ("When a patent [] describes the features of the 'present invention' as a whole, this description limits the scope of the invention."); see also Techtronic Indus. Co. v. Int'l Trade Comm'n, 944 F.3d 901, 907 (Fed. Cir. 2019) ("It is axiomatic that, where the specification describes the present invention as having a feature, that representation may disavow contrary embodiments."). Accordingly, the appropriate construction combines both parties' proposals.

Judge Freeman did not find otherwise: Sonicwall found that "the patentee's use of 'instantiating' . . . describes a procedure of customizing or setting up 'a scanner for the specific programming language,'" which was consistent with its construction. 2019 WL 1369938, at *16.

In the preferred embodiment, ARB scanners are created prior to the determination of the incoming content language. (See '408 Patent at 15:30-35, 15:56-58.) The PTAB noted the inconsistency with the claim language—which requires instantiating an ARB scanner "in response to said determining [of the programming language]"—in adopting a construction based on substitution. IPR2016-00157, Paper 10 at 10-12. However, substitution of language-specific rules also appears to take place prior to the determination step. (See '408 Patent at 15:1-4, Fig. 6 (showing language-specific scanners prior to serialization to a user device).) Accordingly, the Court agrees with Judge Noreika's construction of "instantiating" as "generating or requesting a scanner," to reflect the Figure 6 embodiment where scanners are generated prior to a request based on specific content.

The Court makes three adjustments to the combined construction. First, "specific data, instructions, or both" is changed to "specific data, rules, or both." The term "instructions" could be interpreted to mean "source code," but the specification makes clear that source code does not change in adapting the ARB scanner. ('408 Patent at 2:4-6.) Second, the Court changes "substituting" to "providing." As Judge Noreika noted, the term "substitution" could be read to exclude embodiments where scanners are created from scratch. Rapid7, 2020 WL 565377, at *13. Although this Court does not believe there is an inconsistency, the term "providing" better reflects the intrinsic evidence that rule files may be provided without substitution. (See '408 Patent at 2:3-6.) Finally, the Court adds that the scanner is a "generic instance" that receives "language-specific" rules files. Although (as Judges Freeman and Noreika both noted) the term "generic" is used in a preferred embodiment, the change here clarifies that the source code and basic operation of the scanner do not change when adapting to different languages, making it "generic" as to language, as described for the "present invention." (See id. at 2:2-6, 6:35-43.) These changes are made for purposes of clarity and do not alter the substantive scope of the combined constructions previously adopted in the district courts.

Accordingly, the Court construes "instantiating, by the computer, a scanner for the specific programming language" as "generating or requesting a scanner that can scan the programming language by providing a generic scanner instance with language-specific data, rules, or both."
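
The architecture discussed above (one generic scanner whose code never changes, adapted per language by rule files, with a factory that fills a repository from a rules archive) can be sketched as follows. This is an added illustration, not code from the '408 Patent, the parties, or the Court; the rule archive, rule names, content-type map and sample inputs are constructed assumptions, and the parser's tree-building stage is reduced here to matching contiguous token sequences.

```python
import re

# Constructed rule "archive": language-specific data only, no code.
# "tokens" are tokenizer rules; "patterns" are analyzer rules written as
# contiguous (token type, literal text or None) sequences. All illustrative.
RULE_ARCHIVE = {
    "javascript": {
        "ignore_case": False,
        "tokens": [
            ("STRING", r"\"[^\"]*\"|'[^']*'"),
            ("IDENT", r"[A-Za-z_$][\w$]*"),
            ("LPAREN", r"\("),
            ("RPAREN", r"\)"),
            ("OTHER", r"\S"),
        ],
        "patterns": {
            "eval-of-unescape": [("IDENT", "eval"), ("LPAREN", None),
                                 ("IDENT", "unescape"), ("LPAREN", None)],
        },
    },
    "html": {
        "ignore_case": True,
        "tokens": [
            ("TAG", r"</?[A-Za-z][\w-]*"),
            ("STRING", r"\"[^\"]*\"|'[^']*'"),
            ("ATTR", r"[A-Za-z][\w-]*(?=\s*=)"),
            ("EQ", r"="),
            ("GT", r"/?>"),
            ("TEXT", r"[^\s<>=\"']+"),
        ],
        "patterns": {
            "inline-onerror-handler": [("ATTR", "onerror"), ("EQ", None),
                                       ("STRING", None)],
        },
    },
}


class Scanner:
    """Generic scanner: identical code for every language, different rules."""

    def __init__(self, language, rules):
        self.language = language
        self._ignore_case = rules["ignore_case"]
        # Tokenizer rules become one alternation of named groups.
        self._lexer = re.compile(
            "|".join(f"(?P<{name}>{rx})" for name, rx in rules["tokens"]))
        self._patterns = rules["patterns"]

    def tokenize(self, source):
        return [(m.lastgroup, m.group()) for m in self._lexer.finditer(source)]

    def _match(self, token, rule):
        kind, text = token
        want_kind, want_text = rule
        if self._ignore_case:
            text = text.lower()
        return kind == want_kind and (want_text is None or text == want_text)

    def scan(self, source):
        """Return the names of analyzer rules whose token pattern occurs."""
        tokens = self.tokenize(source)
        findings = []
        for name, pattern in self._patterns.items():
            n = len(pattern)
            if any(all(self._match(tokens[i + k], pattern[k]) for k in range(n))
                   for i in range(len(tokens) - n + 1)):
                findings.append(name)
        return findings


class ScannerFactory:
    """Builds a repository holding one scanner instance per archived language."""

    def __init__(self, archive):
        self.repository = {lang: Scanner(lang, rules)
                           for lang, rules in archive.items()}

    def request(self, language):
        return self.repository[language]


# Assumed mapping used for the "determine the language" step.
CONTENT_TYPES = {"text/html": "html", "text/javascript": "javascript",
                 "application/javascript": "javascript"}


def scan_stream(factory, content_type, source):
    """Determine the language first, then request the matching scanner."""
    language = CONTENT_TYPES.get(content_type.split(";")[0].strip().lower())
    if language is None:
        return None, []          # no rules archived for this content type
    return language, factory.request(language).scan(source)


if __name__ == "__main__":
    factory = ScannerFactory(RULE_ARCHIVE)
    print(scan_stream(factory, "text/javascript", 'eval(unescape("%61%6c"))'))
    print(scan_stream(factory, "text/html", '<img src="x.png" onerror="go()">'))
```

Supporting another language in this sketch means adding an entry to the archive; the `Scanner` class itself is untouched.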

B. Disputed Terms in the '968 Patent

The '968 Patent is directed to "management of a single cache so as to control content relative to a plurality of policies." (Id. at 1:64-67.) "Conventional caching is used to avoid repeating the same computations or the same data transmission" by caching content "after it is received from a web server" so that "the second time around," the content is "already available on the user's computer for rendering." (Id. at 1:10-23.) In addition to storing recently used content and calculations, caching may be used in conjunction with "content control" to "control what content is delivered to client computers." (Id. at 1:38-39.) Such operations "filter[] incoming content according to a 'policy' that includes one or more rules." (Id. at 1:40-42.)

The '968 Patent addresses the problem of different users having different policies. (Id. at 4:14-18.) Conventional cache managers cannot enforce more than one policy. (Id. at 4:18-19.) Accordingly, if one user requests content that is allowable under her policy, the content becomes available through the cache to a second user, even if the second user's policy forbids it. (Id. at 4:20-32.) To solve this problem, the '968 Patent proposes the use of a "policy-based index," which is "a data structure indicating allowability of cached content relative to a plurality of policies." (Id. at 2:3-6, 4:33-38.) The policy-based index allows the system to "check whether cached content is allowable for a different user than the original user who requested it, and thus block cached content from being delivered to users for whom it is not allowed." (Id. at 2:6-11.)

2. "dynamically generating a policy index"

Finjan's Proposed Construction: No construction necessary - plain and ordinary meaning

Qualys' Proposed Construction: creating or updating a policy index in response to user requests for cached or non-cached content

Court's Construction: adding allowability information to a policy index in response to requests for cached or non-cached content

The term "dynamically generating a policy index" appears in asserted claims 26, 32, and 33, as well as unasserted claims 24 and 25 of the '968 Patent. In claims 26 and 32, dynamically generating the policy index comprises the steps of: (1) "determining . . . whether the piece of digital content is allowable for a given policy," and (2) "storing an indication of the results . . . within the policy index," either by "adding an entry in the policy index" or by "modifying an already existing entry." ('968 Patent at claims 26, 32.)

Finjan interprets claim 26 to indicate that the "dynamically generating" is accomplished by "indicating pieces of cached content known to be allowable relative to a given policy." The better interpretation is that the "indicating" clause modifies how the policy index "relate[s] cached content and policies," not how the index is generated.

The parties dispute whether a policy index may be created or updated in response to something other than user requests. Qualys argues that "dynamic" generation refers to creating or updating the policy index "in response to user requests for cached or non-cached content." As support, Qualys points out that the specification states that "the present invention allows for policy-based cache index 190 to be updated dynamically as user requests for cached and non-cached content arrive." ('968 Patent at 5:66-6:2.) Qualys further points out that every embodiment disclosed in the specification involves creating policy index entries in response to user requests. (See id. at Fig. 2, 6:22, 6:31-35, 9:17-18, 8:33-40.) Qualys thus argues that this description of "the present invention" disavows other types of "dynamic" generation of the policy index. See Techtronic, 944 F.3d at 907.

The parties also dispute whether the term requires construction. Finjan proposes "plain and ordinary meaning" for this and all other terms. However, a "plain and ordinary meaning" construction is only appropriate when a single "ordinary" meaning exists and fully resolves the parties' disputes. See O2 Micro, 521 F.3d at 1361. Unless otherwise noted, the Court finds that disputes exist and preclude a plain and ordinary meaning construction in this Order.

Finjan disputes that every embodiment involves creating or updating a policy index in response to user requests and points to contrary embodiments. For example, the specification describes initially creating an empty policy index—not apparently in response to user requests—which is then filled in with policy entries in response to user requests. (See '968 Patent at 6:12-13.) The specification also describes an embodiment of "resetting" the policy index by deleting policy index entries (or setting them to "null") when policies are changed to avoid mistakenly delivering content that is not allowed. (See id. at 7:57-67; see also id. at 8:1-7.) Accordingly, Finjan argues that the descriptions of dynamically generating the policy index are "not uniform," which prevents the term "present invention" from creating disclaimer. See Absolute Software, Inc. v. Stealth Signal, Inc., 659 F.3d 1121, 1136-37 (Fed. Cir. 2011).

As an initial matter, the Court agrees that the description of "the present invention" at 5:55-6:2 does not indicate disavowal. Descriptions of the "present invention" only limit claim scope when they describe the invention, not the embodiments of that invention. See David Netzer Consulting Eng. LLC v. Shell Oil Co., 824 F.3d 989, 994 (Fed. Cir. 2016) (requiring clear and unmistakable statements, like "the present invention includes," "the present invention is," or "all embodiments of the present invention are"). Here, the specification states that the invention "allows" for updating content in response to user requests—permissive language that implies that such updating is not essential or critical to the invention. Cf. Blackbird Tech LLC v. ELB Elecs., Inc., 895 F.3d 1374, 1377-78 (Fed. Cir. 2018). Moreover, not all claims require "dynamic" generation of the policy index, which means that dynamic generation cannot be required for the invention as a whole. (Compare '968 Patent at claims 1, 13, with id. at claims 24, 25.)

Notwithstanding the lack of disclaimer, the Court finds that Qualys' construction accords with the ordinary meaning of "dynamically generating a policy index," as used in the '968 Patent. The specification distinguishes "dynamic" generation of the policy index from creating a complete policy index at the start to "include all allowability links from [each policy] to [all] allowable content." (Id. at 5:52-6:2.) A complete policy index would "conclusively determine whether or not the given content is allowable relative to the given policy." (Id. at 5:55-63.) However, it would "require an exponential amount of computations . . . as the size of the cache and the number of policies increase." (Id. at 6:2-6.) To avoid expending such resources, "it is not necessary for policy-based cache index 190 to be complete" in the '968 Patent, and it may instead "be updated dynamically as user requests for cached and non-cached content arrive." (Id. at 5:64-6:2.) Thus, in the preferred embodiment, the policy index is inconclusive for a given policy-content combination until a user governed by that policy requests the content, at which point its allowability or non-allowability information is added to the policy index. (See id. at 6:7-7:2.) Accordingly, the purpose of "dynamic" generation in the '968 Patent is to leave the policy index incomplete—thus avoiding unnecessary expenditure of resources—until a user request for content makes a determination of allowability necessary.

Finjan argues that content may be retrieved without user requests—e.g., "push" content. However, Finjan provides no evidence that content could be retrieved without a request at the time of the '968 Patent. Moreover, the parties disagree about the technical operation of push content. In light of the largely-unbriefed technical dispute, and given the state of the record, the Court construes the term in light of the intrinsic evidence to require requests. Cf. https://www.twilio.com/docs/ (defining push notifications to involve server-side requests).

Finjan is correct, however, that the policy index itself may exist independent of user requests. (Id. at 6:12-13.) Finjan is also correct that policy index entries may be updated to delete allowability information or to create null entries in response to other changes (such as policy updates). (See id. at 7:57-8:7, 9:20-22.) However, allowability (or non-allowability) information is only added in response to user requests, in order to avoid unnecessary computations. (See id. at 4:42-51, 5:52-7:2.) Accordingly, "generating" the policy index properly refers to filling out the policy index with allowability information, not creating the index itself. The term "adding" also better aligns with the claim language, which describes "dynamically generating a policy index" as storing allowability determinations in the policy index by either "adding an entry in the policy index" (if the content was not cached) or "modifying an already existing entry" (if the content was "already resident in the cache"). (Id. at claims 26, 32.) Accordingly, the term "adding" better reflects the embodiments where policy index entries are updated to add information in response to user requests, but not to delete information in response to policy updates.

As used in the construction, the term "allowability information" refers to information indicating allowability or non-allowability of content—not lack of knowledge or an inconclusive determination. (Cf. '968 Patent at claim 31.)

The Court thus construes "dynamically generating a policy index" as "adding allowability information to a policy index in response to user requests for cached and non-cached content."

Finjan argues that the term "cached or non-cached content" is unnecessary because it covers all possible content. However, the term aligns with the intrinsic evidence and helpfully clarifies that generating an index "of the cached contents" does not limit the type of user requests that cause the generation. (See '968 Patent at claims 26, 32; id. at 5:66-6:2.)
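
The behaviour discussed in this section (a single shared cache, an index that starts empty, allowability recorded only when a request under a given policy makes it necessary, and entries reset when a policy changes) can be sketched as follows. This is an added illustration, not code from the '968 Patent, the parties, or the Court; the class, the policy predicates, the URLs and the choice to cache content before evaluating it are constructed assumptions.

```python
from typing import Callable, Dict, Optional

Policy = Callable[[str, str], bool]   # predicate(url, body) -> allowable?

# Constructed origin content and policies, for illustration only.
ORIGIN = {
    "https://example.test/app": "<html><script>run()</script></html>",
    "https://example.test/doc": "<html><p>plain text</p></html>",
}


def allow_all(url: str, body: str) -> bool:
    return True


def no_script(url: str, body: str) -> bool:
    return "<script" not in body.lower()


class PolicyIndexedCache:
    """One shared cache; the index records allowability per (content, policy)."""

    def __init__(self, origin: Dict[str, str], policies: Dict[str, Policy]):
        self.origin = origin
        self.policies = dict(policies)
        self.cache: Dict[str, str] = {}
        # url -> {policy_id: True/False}. A missing policy_id means "not yet
        # determined", which is different from "not allowable".
        self.index: Dict[str, Dict[str, bool]] = {}
        self.fetches = 0
        self.evaluations = 0

    def request(self, policy_id: str, url: str) -> Optional[str]:
        """Serve url to a user governed by policy_id, or None if blocked."""
        if url not in self.cache:
            self.cache[url] = self.origin[url]   # non-cached: retrieve once
            self.fetches += 1
            self.index[url] = {}                 # add a new index entry
        entry = self.index[url]
        if policy_id not in entry:               # inconclusive for this policy
            self.evaluations += 1
            # Modify the existing entry only now that a request needs the answer.
            entry[policy_id] = self.policies[policy_id](url, self.cache[url])
        return self.cache[url] if entry[policy_id] else None

    def update_policy(self, policy_id: str, predicate: Policy) -> None:
        """Change a policy and reset its stale allowability information."""
        self.policies[policy_id] = predicate
        for entry in self.index.values():
            entry.pop(policy_id, None)


def run_demo():
    c = PolicyIndexedCache(ORIGIN, {"staff": allow_all, "kiosk": no_script})
    url = "https://example.test/app"
    first = c.request("staff", url)    # fetched, evaluated, delivered
    second = c.request("kiosk", url)   # cache hit, but blocked under this policy
    third = c.request("kiosk", url)    # answered from the index, no re-check
    return first is not None, second, third, c.fetches, c.evaluations


if __name__ == "__main__":
    print(run_demo())
```

The second request is the case the '968 Patent is described as addressing: the content is already in the shared cache, yet it is withheld because the index holds no allowability information for the second user's policy until that policy is evaluated.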

3. "known to be allowable relative to a given policy" / "allowable relative to a given policy"

Finjan's Proposed Construction: No construction necessary - Plain and ordinary meaning

Qualys' Proposed Construction: whether the given digital content may be sent to the web client

Court's Construction: No construction

The term "known to be allowable relative to a given policy" appears in claims 1, 13, 23, 26, 32, and 33 of the '968 Patent. These claims recite a "policy index" whose entries "relate cached content and policies" by "indicating pieces of cached content known to be allowable relative to a given policy." Additionally, the term "allowable relative to [for] a given policy" appears in claims 12, 23, and 26. These claims recite "determining" whether "the requested digital content is allowable for the user."

The parties dispute whether this term indicates that the digital content "may be sent to the web client." Qualys contends that it does because the specification states that "[u]sing the policy-based index of the present invention, a cache manager can check whether cached content is allowable for a different user than the original user who requested it, and thus block cached content from being delivered to a user for whom it is not allowed." ('968 Patent at 2:6-11.) Qualys also argues that in every embodiment, a determination of allowability relative to a given policy leads the content to be delivered to the user. (See id. at 2:39-67, 5:19-30, 6:22-7:2, 7:14-15, 8:17-55.) Finjan disagrees and contends that the plain meaning should apply because Qualys cannot demonstrate lexicography or disavowal.

The Court finds that the ordinary meaning of these terms does not require sending digital content to a web client. The specification explains that implementing a multi-policy cache "has many diverse applications," including document management systems (e.g., version control, data encryption), file management systems (e.g., file sharing), and multimedia systems (e.g., cable and satellite broadcasting). (Id. at 2:28-38.) Each of these applications involves user access to content, but they do not exclusively involve sending digital content to web clients. Accordingly, Qualys' construction would exclude potential embodiments and must be rejected for that reason. The description of the "present invention" describes an advantage of the invention—not a required feature—and, in any case, Qualys fails to stay true to the intrinsic evidence by requiring sending content to web clients, as opposed to blocking content for users. (See id. at 2:6-11.)

Qualys suggests that "web client" is interchangeable with "user" and that transmission is not required for its construction. The Court declines to address a construction not before it.

Accordingly, the Court resolves the parties' dispute by rejecting Qualys' construction and finding that the term does not require sending content to a web client. Absent further disputes, the Court declines to engage in additional construction at this time. See GPNE Corp. v. Apple Inc., 830 F.3d 1365, 1372 (Fed. Cir. 2016) ("Where a district court has resolved the questions about claim scope that were raised by the parties, it is under no obligation to address other potential ambiguities that have no bearing on the operative scope of the claim."); Summit 6, LLC v. Samsung Elecs. Co., Ltd., 802 F.3d 1283, 1291 (Fed. Cir. 2015) (affirming plain and ordinary meaning construction where the court resolved the parties' disputes); cf. Vivid Techs., 200 F.3d at 803 (requiring construction "only to the extent necessary to resolve the controversy").

4. "memory storing a cache of digital content"

Finjan's Proposed Construction: No construction necessary - Plain and ordinary meaning

Qualys' Proposed Construction: A memory storing [memory for storing] a collection of digital content previously requested and retrieved for a web client

Court's Construction: memory storing previously requested and retrieved digital content

The term "a memory storing a cache of digital content" appears in claims 1, 13, 23, 26, and 32 of the '968 Patent. The claims recite providing such a memory, along with a set of policies and a policy index relating the cache contents to the policies, as part of the claimed methods and devices. (See '968 Patent at claims 1, 13, 23, 26, 32.)

The parties dispute whether the digital content stored by the memory must have been previously requested by and retrieved for a user ("web client"). Qualys contends that it does. As support, Qualys cites the disclosure that "[u]sing the policy-based index of the present invention, a cache manager can check whether cached content is allowable for a different user than the original user who requested it." (Id. at 2:6-9.) Qualys again argues that the use of the term "present invention" disclaims other embodiments. Qualys also argues that Figure 2 represents the only disclosure of adding content to the cache in the specification, and it shows content being added in response to user requests. (See id. at Fig. 2, 8:17-26; see also id. at 6:22-26.) Finjan contends that the term should have its plain and ordinary meaning—which it describes as "memory that stores digital content"—because the language is easily understandable and does not plainly require "previously requesting and retrieving" content.

The Court finds that "a cache of digital content" refers to previously requested and retrieved digital content. The specification describes "caching" in the background of the invention. It states that "[c]onventional caching is used to avoid repeating the same computations or the same data transmission." (Id. at 1:10-11.) For example, internet browsers "cache web pages so that these pages do not have to be re-transmitted when a user returns to view the same a second time." (Id. at 1:10-14.) As another example, proxy servers cache content to "deliver web pages quickly, the second time they are requested." (Id. at 1:26-29.) Finally, computational processors cache computations, so that the computation "does not need to be calculated more than once." (Id. at 1:31-36.) As these examples make clear, caching speeds up processing at the second request by storing content after the first request. (See id. at 1:10-59.) The specification confirms this interpretation by explaining that "[c]ache manager 150 stores content received from web servers within cache 140, so that such content is readily available for transmission when it is subsequently requested by web client 110 or by another web client." (Id. at 3:36-40 (emphasis supplied).) As explained by Qualys, every embodiment of the invention also stores content in a cache in response to user requests. (See id. at Figs. 1, 2.)

Finjan's construction is incorrect because it reads out the term "cache." See Enzo Biochem. Inc. v. Applera Corp., 780 F.3d 1149, 1154 (Fed. Cir. 2015) (rejecting construction that reads out a claim term). Specifically, Finjan seeks to rewrite "memory storing a cache of digital content" as "memory storing digital content." But the term "cache" has meaning in the context of the patent, and caching is the express subject of the invention. (See '968 Patent at Title, 1:5-6, 1:63-64.) Accordingly, the proper construction gives meaning to this term as previously accessed digital content. Cf. Haemonetics Corp. v. Baxter Healthcare Corp., 607 F.3d 776, 781 (Fed. Cir. 2010) ("[W]e construe claims with an eye toward giving effect to all of their terms.").

More plausibly, Finjan argues that not all claims require a "web client" request. There is merit to that argument. While claims 13 and 23 involve storing content in response to "user" requests, claims 1, 26, and 32 do not. Finjan also argues that requests generally are not necessary to retrieve content, but that issue is not sufficiently briefed. See supra n.7.

Accordingly, the Court construes "memory storing a cache of digital content" as "memory storing previously requested and retrieved digital content."

C. Disputed Terms in the '731 Patent

By way of background, the '731 Patent is directed to reducing network latency caused by processing time at a gateway computer. ('731 Patent at 1:64-67.) Scanning content for malware at the network gateway slows down the user's access to the content. (Id. at 1:55-60.) To increase the speed of processing associated with scanning, the '731 Patent proposes the use of security profiles and multiple caches. (See id. at claims 1-22.)

When the system first scans incoming content from the Internet, it creates a security profile that summarizes potentially malicious operations performed by the code. (Id. at 6:17-24.) The system then stores the content in a web cache and the security profile in a security cache for faster retrieval. (Id. at 7:36-42.) A separate "security policy cache" stores the policies that determine whether users/clients are allowed to receive the content. (Id. at 7:58-59.) The next time the content is requested, the security profile is retrieved from the security cache to determine filtering "without the need to perform the scanning." (Id. at claim 17.)

5. "incoming files from the Internet"

Finjan's Proposed Construction: No construction necessary - Plain and ordinary meaning

Qualys' Proposed Construction: Internet files requested by an intranet computer

Court's Construction: files requested by an intranet computer from the Internet

The term "incoming files from the Internet" appears in claim 1 of the '731 Patent. The claim recites "a scanner for scanning incoming files from the Internet and deriving security profiles for the incoming files." Claims 20 and 22, on the other hand, recite "receiving an outgoing file from an intranet computer for transmission to an Internet destination."

The parties dispute whether the content must have been requested by an intranet computer. Qualys contends that the '731 Patent invention is directed to a network gateway that sits between an intranet of computers and the Internet. (See '731 Patent at 1:25-29.) The gateway is "networked with the intranet computers in such a way that outgoing requests and responses from the intranet computers to the internet and incoming requests and responses from the Internet to the intranet computers are routed through the gateway computer." (Id. at 1:29-34.) Accordingly, various embodiments show "incoming files" requested by intranet computers and received from the Internet. (See, e.g., id. at Fig. 1, 2:1-4, 2:14-26, 5:27-30.) Finjan responds that the plain meaning of "incoming files from the Internet" is not so limited. Claim 6, which depends on claim 1, recites that the gateway "receives a request for a file stored among the intranet of computers." (Id. at claim 6.) Finjan thus argues that files stored on the intranet qualify as a "file from the Internet."

The Court finds that Qualys' construction properly captures the ordinary meaning of this term in the context of the '731 Patent. Claim 1 recites a computer gateway "for an intranet of computers" that contains a scanner for scanning "incoming files from the Internet." (Id. at claim 1.) The claim language thus suggests that the file is coming from the Internet to the intranet of computers. Because the file is being scanned, it has not yet been delivered to the intranet computers, but only requested. (Cf. id. at 10:13-21.)

The specification confirms this interpretation. The summary of the invention describes two types of embodiments: (1) scanning incoming files after "receiving a request from an intranet computer for a file on the Internet" to determine "whether transmission of the requested file to the intranet computer is to be restricted," and (2) scanning outgoing files after "receiving a file from an intranet computer for transmission to a recipient computer on the Internet" to determine "whether transmission of the requested file to the recipient computer is to be restricted." (Compare id. at 2:12-3:20, 3:52-28, with id. at 4:39-67.) Figures 1 and 3 show the architecture for these respective embodiments. (Id. at 10:22-39 (figure 1 shows "incoming traffic from outside of an enterprise intranet to within the intranet," and figure 3 shows "scanning outgoing web pages and web objects to control what is sent from within an enterprise intranet to computers outside of the intranet").) Notably, the arrows in Figure 1 are bidirectional between the intranet computers and the cache, which suggests that the intranet computers both send requests and receive content. (See id. at Fig. 1.) Moreover, as Qualys points out, the specification states that conventional gateway computers receive both "incoming requests and responses from the Internet to the intranet computers." (Id. at 1:29-34.) Accordingly, read in the context of the specification, "incoming files from the Internet" refers to files requested by the intranet computers from the Internet.

Finjan argues that claim 6 demonstrates that the gateway computer may also "receive[] a request for a file stored among the intranet of computers." (Id. at claim 6.) And so it can. The specification states that the present invention may "control[] bi-directional traffic; i.e., both incoming and outgoing content." (Id. at 10:48-52.) However, claim 1 requires only incoming traffic and does not concern outgoing traffic. Finjan further argues that several embodiments describe scanning files without a request from an intranet computer. Of these, several embodiments relate to outgoing traffic that is not relevant to claim 1. (Id. at 4:29-38, 4:39-53.) The specification also states that "client software other than a web browser may download web objects directly from the Internet." (Id. at 11:3-5.) However, in this embodiment, the gateway still receives a request—specifically, a "request for a web object without . . . a request for a web page that references it." (See id. at 10:63-66.) Similarly, the gateway computer may "pre-fetch objects within a web page," which also requires a request for a web page, if not for a web object. (Id. at 11:11-13.) Thus, in these embodiments, the intranet computers still request content from the Internet, even if those requests are narrower or broader than the retrieved content.

The outgoing traffic embodiments are properly captured by other claims that directly relate to outgoing files. (E.g., '731 Patent at claims 18, 20.)

See again, footnote 7.

Accordingly, the Court construes "incoming files from the Internet" as "files requested by an intranet computer from the Internet."

D. Disputed Terms in the '844 Patent

The '844 Patent is directed to attaching a security profile ("DSP") to a Downloadable. ('844 Patent at 1:23-27.) Each security profile includes a list of suspicious code patterns that is compared against a security policy to determine if a user is allowed to receive the content. (Id. at 2:3-8, 8:6-16.) The security profile is linked to the Downloadable through association—for example, through a pointer. (Id. at 6:13-24.) By linking security profiles to Downloadables, the system avoids decomposing Downloadables "on the fly." (See id. at 3:2-7.)

6. "web client"

Finjan's Proposed Construction: No construction necessary - Plain and ordinary meaning

Qualys' Proposed Construction: an application on the end-user's computer that requests a downloadable from the web server

Court's Construction: "an application on the end-user's computer that requests a downloadable from the web server." The rest of the limitation has its plain and ordinary meaning.

The term "web client" appears in claims 1, 15, 22, 23, 32, and 41-44 of the '844 Patent. These claims recite linking a security profile to a downloadable "before a web server makes the Downloadable available to web clients."

The parties dispute the plain and ordinary meaning of this term. Finjan contends that the plain and ordinary meaning of "web client" refers to web browsers but "may imply the entire user machine or refer to a handheld device that provides web access." Qualys points out that Finjan's position directly contradicts its earlier positions with regard to this term. Specifically, in two prior cases—Finjan, Inc. v. Symantec Corp. and Finjan, Inc. v. Cisco Sys.—Finjan successfully argued that the plain and ordinary meaning of "web client" is "an application on the end-user's computer that requests a downloadable from the web server." See No. 14-cv-02998-HSG, 2017 WL 550453, at **16-17 (N.D. Cal. Feb. 10, 2017); No. 17-cv-00072, 2018 WL 3537142, at *11 (N.D. Cal. July 23, 2018). Finjan responds that previous constructions interpreted the entire limitation—giving "web client" the meaning proposed by Qualys, while leaving the rest of the phrase with plain and ordinary meaning—and that doing the same would be acceptable in this case. Qualys does not object to Finjan's modified construction.

Accordingly, the Court construes "web client" as "an application on the end-user's computer that requests a downloadable from the web server" and the remainder of the limitation ("before a web server deploys the Downloadable so that web clients can access the Downloadable") as having its plain and ordinary meaning.

E. Disputed Terms in the '154 Patent

The '154 Patent is directed towards protecting a computer against dynamically generated malicious code using a security computer. (See '154 Patent at Abstract, 4:30-60.) "Dynamically generated malicious code" refers to viruses that are generated during run-time by other code. (See id. at 3:31-39.) For example, a web page may contain embedded JavaScript code that, when executed, inserts new (malicious) HTML code. (See id. at 10:39-64.)

To protect against dynamically generated code, the '154 Patent uses a substitute function that sends function inputs to a security computer for evaluation. (See id. at 4:35-46, 4:55-60.) The network gateway first scans the incoming content to determine if it includes function calls. (Id. at 13:47-54.) If the content contains them, the gateway computer replaces the function calls with substitute functions. (Id. at 13:54-60.) Then, when the client computer receives the content, the content processor in the client computer executes the substitute function, which sends the original function input to a security computer. (Id. at 13:63-14:6.) The security computer then scans the input to detect if it itself contains function calls and (if so) determines the security profile of the content. (Id. at 14:17-35.) Finally, the security computer compares the security profile to the user's security policy and sends back an indicator for whether the client may safely execute the original function. (Id. at 14:36-15:6.)

7. "a content processor"

Finjan's Proposed Construction: No construction necessary - Plain and ordinary meaning

Qualys' Proposed Construction: A processor that processes modified content; the content processor is part of the computer being protected from dynamically generated malicious content

Court's Construction: a content processor on the protected computer

The term "content processor" appears in claims 1 and 6 of the '154 Patent. These claims recite a content processor "(i) for processing content received over a network, the content including a call to a first function," where the call or function includes an input or input variable, and "(ii) for invoking a second function with the input only if a security computer indicates that such invocation is safe," or else calling the second function with "a modified input variable."

The parties dispute two issues: (1) whether the content processor must process "modified" content, and (2) whether the content processor must reside on the computer being protected from dynamically generated malicious content. The Court declines to address the first issue. Qualys' proposal for the first dispute was considered and adopted in Finjan, Inc. v. Juniper Networks, Inc., 387 F. Supp. 3d 1004, 1011-12 (N.D. Cal. 2019). That decision is currently on appeal to the Federal Circuit. (See Dkt. No. 41 ("Joint Statement").) Once the Federal Circuit resolves this dispute, its decision will be binding on the district courts. See Ottah v. Fiat Chrysler, 884 F.3d 1135, 1140 (Fed. Cir. 2018). Accordingly, addressing the first dispute would not advance the efficient resolution of this case because—regardless of what this Court decides—the Federal Circuit interpretation will govern at trial.

As to the second dispute, Qualys plausibly argues that the content processor must be on the computer being protected. Claims 1 and 6 both recite a "system for protecting a computer from dynamically generated malicious content." ('154 Patent at claims 1, 6.) The specification confirms that the purpose of the invention is to protect a computer against dynamically generated malicious content. (See id. at Abstract, 4:30-34.) Although prior art allowed for inspecting dynamically generated code at the client computer, the '154 Patent purports to provide an improvement by providing behavior analysis that can "shield computers from dynamically generated malicious code without running on the computer itself that is being shielded." (Id. at 4:15-26 (emphasis supplied).) Thus, the improvement provided by the invention is to process suspicious content at a separate location than the protected computer. (See id. at 4:65-5:3.)

The claims confirm this operation. Claim 1 recites that the content processor invokes a first function (the substitute function) that sends its input to a security computer, which then returns an indicator for "whether it is safe to invoke the second function." (Id. at claim 1.) The content processor then executes the second function (the original function) "only if the security computer indicates that such invocation is safe." (Id. at claim 1.) In a slight variation, claim 6 recites that the content processor always invokes the second function but does so using a modified input variable that has been modified "if the security computer determines that calling a function with the [original] input variable may not be safe." (Id. at claim 6.) The clear implication of the claims is that the security computer protects a computer by ensuring that its content processor only executes safe function inputs. It is difficult to fathom how this operation could work unless the content processor resided on the computer being protected.

Finjan argues that the content processor may reside on the gateway scanner. However, in that case, the gateway scanner is the "computer being protected." Nothing in the claims excludes other computers from also being protected.

Unsurprisingly, in all of the embodiments, the content processor is located on the client computer being protected. (See id. at Abstract (describing "[a] method for protecting a client computer" where a client computer performs the functions recited for the content processor), 4:35-43 (describing the client computer as performing the functions of the content processor), 5:4-25 (same), 9:6-12 ("client computer 210 includes a content processor 270"), 13:63-14:16 (describing the client computer processing modified content using an application, such as a web browser), Fig. 2 (showing a content processor on the client computer), Fig. 3 (showing the client computer performing claimed functions), Fig. 4 (showing a client processor on the client computer), Fig. 5 (showing the client computer performing the claimed functions).)

Qualys argues that a broader construction should apply because several embodiments describe a "computer" that performs the functions of the content processor, without suggesting that the computer will ultimately receive the content. (See id. at 6:27-34, 6:66-7:7, 7:8-19, 7:20-31, 7:32-43.) Putting aside that these embodiments merely restate the claims (including claims other than claim 1 and 6), there is no evidence that the computer in these embodiments is not being protected. Qualys also argues that none of the five courts that have already construed "content processor" in the '154 Patent adopted Qualys' proposal. But the issue here appears to be one of first impression—none of the other courts faced a dispute over the location of the content processor. Finally, Qualys argues that the intrinsic evidence does not support limiting the "content processor" to the protected computer. But the requirement here is not merely part of a preferred embodiment—it is a basic feature of how the invention works.

See Rapid7, 2020 WL 565377, at **7-8 (addressing the issue of "modified content"); Juniper Networks, 387 F. Supp. 3d at 1011 (same); Finjan, Inc. v. Bitdefender Inc., No. 17-cv-04790 HSG, 2019 WL 634985, at **11-12 (N.D. Cal. Feb. 14, 2019) (addressing means-plus-function); Symantec, 2017 WL 550453, at *11 (addressing interactive viewing); Finjan, Inc. v. Proofpoint, Inc., No. 13-cv-05808-HSG, 2015 WL 7770208, at *11 (N.D. Cal. Dec. 3, 2015) (addressing means-plus-function).

The purpose of claim construction is to "capture the scope of the actual invention that is disclosed, described, and patented." Fenner Invs., 778 F.3d at 1323 (citation omitted); accord Phillips, 415 F.3d at 1316 ("Ultimately, the interpretation to be given a term can only be determined and confirmed with a full understanding of what the inventors actually invented and intended to envelop with the claim." (citation omitted)). Interpreting "content processor" to reside somewhere other than the protected computer would take the claims far beyond anything suggested in the specification. See Wis. Alumni Res. Found. v. Apple Inc., 905 F.3d 1341, 1351-52 (Fed. Cir. 2018) (rejecting construction that would "expand the scope of the claims far beyond anything described in the specification"). Accordingly, the content processor must reside on the computer being protected in order for the invention to work as described.

For these reasons, the Court construes "content processor" as "a content processor on the protected computer."

8. "security computer"

Finjan's Proposed Construction: No construction necessary - Plain and ordinary meaning

Qualys' Proposed Construction: a computer that determines whether the content received by the content processor is malicious

Court's Construction: No construction

The term "security computer" appears in claims 1 and 6 of the '154 Patent. These claims recite a security computer that (1) indicates if the content processor may safely invoke the second (original) function, (2) receives a function input from a transmitter for inspection, (3) transmits to a receiver an indicator of whether it is safe to invoke the second function, and (4) determines if calling a function with the original input variable is potentially unsafe.

The parties dispute the ordinary meaning of this term. Qualys contends that the "plain and ordinary meaning" in the context of the '154 Patent is "a computer that determines whether the content received by the content processor is malicious." As support, Qualys cites portions of the specification that describe the security computer as providing security inspection functions. (See '154 Patent at Abstract, 4:34-50, 5:18-20, 13:63-14:66, Fig. 3.) Finjan disagrees and argues that the plain and ordinary meaning of this term is "a computer that provides security functions." Finjan further argues that Qualys' construction is redundant of other limitations present in the claims and that the specification describes the security computer as determining potentially malicious content, as well as malicious content. (See id. at 11:10-26.)

As an initial matter, Qualys is correct that the "ordinary" meaning of a claim term is its meaning in the context of the specification, not in the abstract. See Trs. of Columbia U., 811 F.3d at 1364 ("The only meaning that matters in claim construction is the meaning in the context of the patent."); Eon Corp. IP Holdings v. Silver Spring Networks, 815 F.3d 1314, 1320 (Fed. Cir. 2016) ("The ordinary meaning of a claim term is 'not the meaning of the term in the abstract,'" but "its meaning to the ordinary artisans after reading the entire patent." (quoting Phillips, 415 F.3d at 1321)). However, in this instance, it is not clear whether Qualys' construction adds anything to the requirements of the claims.

Claim 1 already recites that the security computer performs inspection of content and provides an indicator of "whether it is safe to invoke the second function with input" and that "such invocation is safe." Similarly, claim 6 already recites that the security computer performs inspection of content and "determines [whether] calling a function with the input variable may not be safe." Qualys' construction—which requires "a computer that determines whether the content received by the content processor is malicious"—appears to be part and parcel of these limitations. Accordingly, the Court finds that the security processor must be a computer capable of inspecting content to determine if it may be safely invoked by the content processor (as required by the claims). Absent a clearer indication that the parties dispute these claim requirements, the Court declines to provide a construction at this time.

F. Disputed Terms in the '494, '968, and '154 Patents

9. "receiver"

Finjan's Proposed Construction: No construction necessary - Plain and ordinary meaning

Qualys' Proposed Construction: Indefinite. Governed by 35 U.S.C. § 112 ¶ 6 without corresponding structure

Court's Construction: 35 U.S.C. § 112 ¶ 6 does not apply

The term "receiver" appears in claim 10 of the '494 Patent, claim 7 of the '968 Patent, and claims 1-2 and 6-7 of the '154 Patent. Claim 10 of the '494 Patent recites a system comprising a "receiver for receiving the incoming Downloadable," a "Downloadable scanner coupled with said receiver," and a "database manager coupled with said Downloadable scanner." Claim 7 of the '968 Patent recites a cache manager of claim 1 that further comprises "a receiver for receiving digital content from a web server." Finally, independent claims 1 and 6 of the '154 Patent recite systems comprising "a content processor," a "transmitter," and "a receiver for receiving an indicator from the security computer for inspection."

The parties dispute whether Section 112, paragraph 6 (means-plus-function) applies. The parties agree that the lack of the term "means" in these claims creates a presumption that means-plus-function does not apply. See Williamson, 792 F.3d at 1349. However, Qualys argues that the presumption is overcome because the term "receiver" does not connote structure in the field of computer software. See id. Specifically, Qualys argues that the term "receiver" does not connote any well-known algorithm, as required for a computer software claim. As support, Qualys cites the declaration of Dr. Aviel Rubin, who opines that "[i]n the software context, it is common for an algorithm to 'receive' an input through a read operation," but that "[s]uch algorithms can be structured in an arbitrary number of ways," which means that "there is no defined structure." (Dkt. No. 52-6 ("Rubin Decl.") ¶ 36.)

Qualys' argument misses the mark—the claims here are not directed to computer software. As an initial matter, the requirement for an algorithm to connote sufficient structure comes from WMS Gaming, Inc. v. International Game Technology, 184 F.3d 1339 (1999). There, the Federal Circuit found that the district court erred by identifying "an algorithm executed by a computer" as corresponding structure without limiting the algorithm at issue. Id. at 1348. The court explained that "[i]n a means-plus-function claim in which the disclosed structure is a computer, or microprocessor, programmed to carry out an algorithm, the disclosed structure is not the general purpose computer, but rather the special purpose computer programmed to perform the disclosed algorithm." Id. at 1349. This requirement stemmed from the need to avoid purely functional claiming, which the use of a general-purpose computer or processor as a corresponding structure would create. See Aristocrat Techs. Australia Pty Ltd. v. Int'l Game Tech., 521 F.3d 1328, 1333 (Fed. Cir. 2008). However, WMS Gaming and its progeny in no way limited a patentee's ability to claim generic hardware other than a general-purpose computer or processor as structures that carry out claimed functions.

Here, the claims in each of the patents describe receivers as components separate from the processor that implements software. For example, in the '154 Patent, the claims expressly recite a "content processor" as a separate claim limitation from the receiver and the transmitter. (See '154 Patent at claims 1-2, 6-7.) Figure 1 of the '154 Patent similarly shows the receiver and transmitter on the client computer separate from the processor on that computer. (See id. at Figs. 2, 4.) Likewise, in the '494 Patent, the claims recite a receiver "coupled" to a database scanner. ('494 Patent at claim 10.) The term "coupled" connotes hardware—a software module cannot be coupled to a hardware scanner. Additionally, Figure 2 of the '494 Patent shows a processor apart from a communications interface, which the specification states may contain communication devices, such as a transceiver. (Id. at Fig. 2, 8:49-54.) Finally, although the '968 Patent does not mention a "receiver" in the specification, the claims state the receiver is part of the cache manager, which also includes other hardware components, such as a memory. (See '968 Patent at claim 7, claim 1.) In short, the claims here appear to be directed to a hardware implementation where the "receiver" is a distinct component, not a software module.

Dr. Rubin appears to agree that "[t]ransmitting and receiving are terms generally associated with transmitting data at a hardware level, such as via a modem, Wi-Fi, or some other similar means." (Rubin Decl. ¶ 36.)

In the context of computer hardware, Qualys provides no evidence that the term "receiver" does not connote well-known structure. The Federal Circuit has previously found that "the term 'receiver' conveys structure to one of skill in the art." EnOcean GmbH v. Face Int'l Corp., 742 F.3d 955, 959-60 (Fed. Cir. 2014). This Court sees no reason to depart from that holding, particularly since the issue of whether the term "receiver" connotes structure to a person of ordinary skill in the art exists independently of any patent. Qualys therefore fails to overcome the presumption that means-plus-function does not apply to these terms.

Qualys attempts to distinguish EnOcean on the basis that it concerned electromagnetic, wireless, and radio fields. However, it is not clear that the patents at issue concern a different field. The patents here broadly describe a network gateway that connects an intranet of computers to the Internet. Qualys has not explained why those connections would not be implemented using wireless, radio, or a similar technology.

Accordingly, the Court finds that Section 112, paragraph 6 does not apply to the term "receiver" in the '494, '968, and '154 Patents.

To the extent that Finjan contends that "receiver" and "transmitter" have a well-known meaning as structure in the field of software, it has failed to advocate for that construction. Finjan's arguments ignore intrinsic evidence and conflate hardware and software meanings in the extrinsic evidence. Finjan is advised that it has the ultimate burden to prove infringement at trial, and that the Court, not the jury, will decide the claim scope for that purpose.

10. "transmitter"

Finjan's Proposed Construction: No construction necessary - Plain and ordinary meaning

Qualys' Proposed Construction: Indefinite. Governed by 35 U.S.C. § 112 ¶ 6 without corresponding structure

Court's Construction: 35 U.S.C. § 112 ¶ 6 does not apply

The term "transmitter" appears in claim 6 of the '968 Patent and claims 1-3 and 6-8 of the '154 Patent. Claim 6 of the '968 Patent recites a cache manager of claim 1 that further comprises "a transmitter for transmitting allowable content from the cache to a client computer." Claims 1 and 6 of the '154 Patent recite systems comprising "a content processor," a "receiver," and "a transmitter for transmitting the input to the security computer for inspection."

Qualys makes the same arguments for "transmitter" as it did for "receiver." For the reasons stated above, the Court finds that Qualys failed to meet its burden to overcome the presumption that means-plus-function does not apply absent the term "means." Williamson, 792 F.3d at 1349. As with "receiver," the specification of the '154 Patent consistently shows the "transmitter" as a hardware component separate from the processor. (See '154 Patent at Figs. 1, 2, 4.) Although the '968 Patent does not mention a transmitter in the specification, claim 6 states that the transmitter is part of the cache manager, which Figure 1 shows as a hardware component on the proxy server that includes other hardware components. ('968 Patent at Fig. 1.) Qualys therefore fails to show that "transmitter" does not connote definite structure to a person of ordinary skill in the art. Cf. Alfred E. Mann. Found. for Sci. Res. v. Cochlear Corp., No. CV 07-8108 (SHx), 2012 WL 12877984, at *4 (C.D. Cal. June 18, 2012) (finding "transmitter means" to not be subject to section 112, paragraph 6); Zoltar Satellite Sys., Inc. v. Motorola, Inc., No. C 06-00044 JW, 2007 WL 4557781, at *6 (N.D. Cal. Dec. 21, 2007) (finding "radio transmitter" to not be a means-plus-function limitation).

Accordingly, the Court finds that Section 112, paragraph 6 does not apply to the term "transmitter" in the '968 and '154 Patents.

Qualys objects to certain evidence provided with Finjan's reply for the "receiver" and "transmitter" terms. (See Dkt. No. 60.) Because the Court finds that Qualys failed to meet its burden based on its own evidence, Finjan's reply declaration is not considered. Finjan's motion for leave to respond to Qualys' objection is DENIED as moot. (Dkt. No. 65.)

IV. CONCLUSION

Based on the foregoing, the Court provides the following claim constructions:

Term: instantiating, by the computer, a scanner for the specific programming language
Construction: generating or requesting a scanner that can scan the programming language by providing a generic scanner instance with language-specific data, rules, or both

Term: dynamically generating a policy index
Construction: adding allowability information to a policy index in response to requests for cached or non-cached content

Term: known to be allowable relative to a given policy / allowable relative to a given policy
Construction: No construction

Term: memory storing a cache of digital content
Construction: memory storing previously requested and retrieved digital content

Term: incoming files from the internet
Construction: files requested by an intranet computer from the Internet

Term: web client
Construction: "an application on the end-user's computer that requests a downloadable from the web server" The rest of the limitation has its plain and ordinary meaning.

Term: content processor
Construction: content processor on the protected computer

Term: security computer
Construction: No construction

Term: receiver
Construction: 35 U.S.C. § 112 ¶ 6 does not apply

Term: transmitter
Construction: 35 U.S.C. § 112 ¶ 6 does not apply

This Order terminates docket number 65.

IT IS SO ORDERED. Dated: June 11, 2020

/s/ _________

YVONNE GONZALEZ ROGERS

UNITED STATES DISTRICT COURT JUDGE

