Opinion
CASE NO. 4:18-cv-07229-YGR
04-05-2021
FINJAN, INC., Plaintiff, v. QUALYS INC., Defendant.
ORDER GRANTING IN PART AND DENYING IN PART DEFENDANT'S MOTION TO STRIKE
Re: Dkt. No. 156, 157, 158, 163
Plaintiff Finjan, Inc. ("Finjan") brings this patent infringement action against defendant Qualys Inc. ("Qualys") for direct and indirect infringement of its patents. Now before the Court is Qualys' motion strike certain portions of Finjan's infringement and damages expert reports. (Dkt. No. 158 ("Mot.").) Qualys contends that Finjan's expert, Dr. Nenad Medvidovic, introduced six new theories in his report that were not disclosed in Finjan's infringement contentions. Having carefully considered the pleadings and the papers submitted, the Court GRANTS IN PART and DENIES IN PART Qualys' motion to strike.
The Court finds the motion appropriate for resolution without oral argument and the matter is deemed submitted.
I. BACKGROUND
Finjan accuses Qualys of infringing several patents, including U.S. Patent No. 8,225,408 (the "'408 Patent"). The '408 Patent broadly relates to scanning content for "exploits" (security vulnerabilities). (See '408 Patent at 1:59-64.) It does so using a scanner that is specific to each programming language and that includes rules to dynamically break down incoming content into "tokens" and analyze patterns in those tokens. (See id. at 1:65-2:19.) Claim 1 recites:
1. A computer processor-based multi-lingual method for scanning incoming program code, comprising:
receiving, by a computer, an incoming stream of program code;
determining, by the computer, any specific one of a plurality of programming languages in which the incoming stream is written;
instantiating, by the computer, a scanner for the specific programming language, in response to said determining, the scanner comprising parser rules and analyzer rules for the specific programming language, wherein the parser rules define certain patterns in terms of tokens, tokens being lexical constructs for the specific programming language, and wherein the analyzer rules identify certain combinations of tokens and patterns as being indicators of potential exploits, exploits being portions of program code that are malicious;
identifying, by the computer, individual tokens within the incoming stream;
dynamically building, by the computer while said receiving receives the incoming stream, a parse tree whose nodes represent tokens and patterns in accordance with the parser rules;
dynamically detecting, by the computer while said dynamically building builds the parse tree, combinations of nodes in the parse tree which are indicators of potential exploits, based on the analyzer rules; and
indicating, by the computer, the presence of potential exploits within the incoming stream, based on said dynamically detecting.
Finjan accuses the Qualys Cloud Platform, which comprises several interrelated products. (Dkt. No. 1 ("Complaint") ¶ 35; see Dkt. No. 164-3 ("Medvidovic Report") ¶ 94.) Finjan served its infringement contentions on April 19, 2019, describing generally how "each of the Accused Products" meets the claim limitations. (Dkt. No. 158-6 ("Contentions") at 2-18.) Fact discovery closed on October 1, 2020, and the parties served their opening expert reports six weeks after that. (Dkt. Nos. 39, 78.) Dr. Medvidovic and Dr. Eric Cole opined on infringement on behalf of Finjan. (Medvidovic Report; Dkt. No. 158-3 ("Cole Report").) Dr. DeForest McDuff opined on damages. (Dkt. No. 158-4 ("McDuff Report").)
II. LEGAL STANDARD
The Patent Local Rules "require parties to crystallize their theories of the case early in the litigation and to adhere to those theories once they have been disclosed." Simpson Strong-Tie Co., Inc. v. Oz-Post Int'l, LLC, 411 F. Supp. 3d 975, 980-81 (N.D. Cal. 2019) (citation omitted). Specifically, Patent Local Rule 3-1 requires a party asserting patent infringement to disclose each "Accused Instrumentality" separately for each asserted claim, together with a chart "identifying specifically where and how each limitation of each asserted claim is found within each Accused Instrumentality." Patent L.R. 3-1(b). Once these disclosures are made, they can only be amended by Court order upon a showing of good cause. Patent L.R. 3-6.
The purpose of these rules is to "provide structure to discovery and to enable the parties to move efficiently toward claim construction and the eventual resolution of their dispute." Huawei Techs., Co., Ltd v. Samsung Elecs. Co, Ltd., 340 F. Supp. 3d 934, 945 (N.D. Cal.2018) (citation omitted). As such, "a party may not use an expert report to introduce new infringement theories, new infringing instrumentalities, new invalidity theories, or new prior art references not disclosed in the parties' infringement contentions or invalidity contentions." Looksmart Group, Inc. v. Microsoft Corp., 386 F. Supp. 3d 1222, 1227 (N.D. Cal. 2019) (citation omitted). Undisclosed theories "are barred . . . from presentation at trial (whether through expert opinion testimony or otherwise)." MediaTek Inc. v. Freescale Semiconductor, Inc., No. 11-CV-5341-YGR, 2014 WL 690161, at *1 (N.D. Cal. Feb. 21, 2014).
A theory, however, is not the same as proof of that theory. Parties "need not 'prove up'" their case in contentions, and a patentee need only "provide reasonable notice to defendant why [it] believes it has a reasonable chance of proving infringement." Finjan, Inc. v. Blue Coat Sys., Inc., No. 13-cv-03999-BLF, 2015 WL 3640694, at *2 (N.D. Cal. June 11, 2015) (citations and quotation marks omitted). Courts thus distinguish "identification of the precise element of any accused product alleged to practice a particular claim limitation" and "every evidentiary item of proof showing that the accused element did in fact practice the limitation." Genetech, Inc. v. Tr. of Univ. of Penn., No. C 10-2037 LHK (PSG), 2012 WL 424985, at *1 (N.D. Cal. Feb. 9, 2012) (citation and internal quotation marks omitted) (emphasis in original). In deciding whether to strike expert testimony, the dispositive question is whether "the expert permissibly specified the application of a disclosed theory" or "impermissibly substituted a new theory altogether." Digital Reg of Tex., LLC v. Adobe Sys. Inc., No. CV 12-01971-CW (KAW), 2014 WL 1653131, at *2 (N.D. Cal. Apr. 24, 2014) (citation omitted).
III. ANALYSIS
Finjan moves to strike six "theories" in Dr. Medvidovic's report, including purportedly new theories related to (1) the Cloud Agent, (2) dynamically building a parse tree and detecting exploits, (3) receiving content, (4) date of first infringement, (5) doctrine of equivalents, and (6) foreign sales. The Court addresses each.
Following the filing of the motion, the parties stipulated to dismiss claim 29 of the '408 Patent. (Dkt. No. 185.) The Court therefore denies the motion to strike paragraphs 415-19 and 427-30 as moot.
A. Cloud Agents
Qualys first moves to strike Finjan's Cloud Agent theories. According to Dr. Medvidovic, the accused Qualys Cloud Platform collects data through either a scanner—a physical or virtual appliance deployed on a network—or a Cloud Agent, which is an application that resides on the endpoint itself (e.g., on a laptop). (Medvidovic Report ¶¶ 96-100.) Dr. Medvidovic opines that both methods satisfy the limitations of "scanning incoming code" and "receiving, by a computer, an incoming stream of program code." (Id. ¶¶ 183, 185, 187 & n.6, 195-96.)
In addition, Dr. Medvidovic opines that the Cloud Agent provides alternatives methods for performing other steps, including determining a programming language (¶ 214), applying analyzer rules (¶¶ 235-38), identifying individual tokens (¶ 258), dynamically building a parse tree (¶¶ 287-89), dynamically detecting exploits (¶¶ 303-09), and indicating the presence of the exploit (¶¶ 325, 327). These opinions are incorporated into Dr. Medvidovic's damages analysis, in so far as it does not change where cloud agents in place of scanners are used. (Id. ¶ 446.)
Finjan's infringement contentions did not identify the Cloud Agent for any limitation. With respect to the "receiving" limitation, Finjan's contentions disclosed that "[e]ach of the Accused Products" receives incoming content in two ways: first, when executed "on a node that is part of the Qualys Cloud computing environment," and second, when residing on "Appliance Scanners" dispersed as "endpoints throughout the computer network." (Contentions at 2, 3-4.) Qualys correctly points out that this does not specifically disclose a Cloud Agent. However, it also does not specifically disclose a scanner (which does not reside at the endpoints). Instead, the contentions appear to generically disclose that the accused product may reside on either the node or the endpoint when receiving data.
While these contentions could have been more specific, the Court finds that Finjan sufficiently disclosed its overall theory for this limitation. Finjan specifically identified the Cloud Agent as an accused product in its initial disclosures (see Dkt. No. 164-4 at 4), and thus disclosed the possibility of receiving content with a Cloud Agent at an endpoint. A comparison with other contentions shows that Finjan performed a similar analysis for other patents, but then specifically listed a "scanner" for each individual product as performing the claimed functions. (See Dkt. No. 100-11 at 180, 193 (showing the products at a node and endpoints), 189 (a "scanner for Cloud Agent").) The difference in specificity between these contentions appears to stem from the claim language: claim 1 requires receiving content "by a computer," and Dr. Medvidovic opines that the computer is a "scanner engine," "WAS scanner," or "Qualys Cloud Platform working with a Cloud Agent"—not the Cloud Agent itself. (See Medvidovic Report ¶ 185.) As such, Finjan did not introduce a new theory by failing to specify that the Cloud Agent collects the data before the "computer" associated with the Cloud Agent receives it.
Qualys agrees that the Cloud Agent does not itself scan data, which means that the "computer" that performs these functions must be the Cloud Platform server associated with the Cloud Agent. (Dkt. No. 157 at 3.)
With respect to the other limitations, the difference between the contentions and the report appear to be largely superficial. For instance, Dr. Medvidovic opines that both a scanner engine and a server associated with a Cloud Agent search for exploits. (Id. ¶¶ 229-37; see also id. ¶¶ 257-58 .) Finjan's contentions broadly disclosed this theory. (See Contentions at 13-14.) Indeed, some of the opinions that Qualys seeks to strike apparently conflate Cloud Agent and network scanner functionality. (See, e.g., Medvidovic Report ¶¶ 325-27 (explaining that a Cloud Agent provides "an internal view" while the scanner provides an "external view").) Qualys therefore has not shown that these are substantively new theories, as opposed to alternative ways of performing the same accused functionality disclosed in contentions. Dr. Medvidovic's opinions are therefore properly considered an application of a theory, rather than a new theory itself.
Accordingly, the Court denies Qualys' motion to strike the "Cloud Agent" theories.
B. Dynamic Building and Detection
Qualys next argues that Dr. Medvidovic introduces new theories for "dynamic" exploit detection, while also accusing new components. Claim 1 requires "dynamically building . . . a parse tree" and then "dynamically detecting . . . indicators of potential exploits." ('408 Patent at claim 1.) In its contentions, Finjan disclosed that the accused products meet this limitation by building XML parse trees "[d]uring the scans." (Contentions at 15.) While Finjan pointed to specific code for the tree building, it did not explain its basis for the contention that this process happened during the scan.
The parties disagree on the construction of these terms. Such claim construction disputes are not properly resolved on a motion to strike, and the Court here considers only whether Finjan adhered to its previously disclosed theories.
In his report, Dr. Medvidovic opines on the same XML tree theory, and further claims that the trees are built "immediately and while data is being received," pointing to (1) deposition testimony, (2) the use of parallelization, (3) evidence that the Qualys backend receives and presents "partial results," and (4) documents describing "real-time" collection. (Medvidovic Report ¶¶ 262, 282-86, 290, 298-99, 302-20.) Of these, only parallelization presents an arguably new theory; the rest is simply additional evidence that tree building and exploit detection occur "during" the scan. Finjan was not obligated to disclose every bit of proof that it intends to rely on in its contentions, and Qualys has not shown these to be new theories. See Finjan, Inc. v. Check Point Software Techs., Inc., No. 18-cv-02621-WHO, 2019 WL 955000, at *3 (Feb. 27, 2019).
Qualys separately argues that Finjan accuses new components for the parse tree building in the Medvidovic Report by discussing a "Unified Dashboard" that uses "Qualys Query Language" that parses queries using a parse tree (Medvidovic Report ¶¶ 267-74) and "Mandate Based Reporting" that "use[s] a tree structure." (Id. ¶¶ 291-92.) Although Finjan claims that these features are used by the "QWeb" disclosed in contentions, the theories are new on their face. (See id. ¶¶ 266-74 (expressly discussing the Unified Dashboard as separate from the XML parse trees discussed above), 291 (expressly discussing "another example" of Mandate Based Reporting as a separate feature). However, the Court cannot determine that the additional evidence related to XML trees constitutes a new theory. (Id. ¶¶ 276-81, 287-89, 293-300, 316-320, 303-05, 306-09.)
Accordingly, the Court strikes the Unified Dashboard and Mandate Based Reporting theories only. (Id. ¶¶ 267-74, 291-92.)
C. Receiving
Next, Qualys seeks to strike Dr. Medvidovic's opinions regarding "Vulnerability Features" that practice the limitation of "receiving, by a computer, an incoming stream of program code." Finjan's contentions state that the accused products receive content "based on a client device requesting the content from a source computer, such as the Internet" and "when a particular client device requests content provided by a source computer." (Contentions at 2-4.) Dr. Medvidovic, however, opines that the accused "Vulnerability Features" perform their network scans to detect vulnerabilities and policy compliance regardless of content requests and may receive data from client devices on the same network. (See Medvidovic Report ¶¶ 184-97.)
The Court has reviewed these portions of the report and cannot determine that they present a new theory. In particular, the Court cannot determine that the features described by Dr. Medvidovic do not involve a client device requesting content from any source computer. That the data is not directly received from the Internet does not appear to be dispositive. Nor is the use of internal networks, as opposed to the Internet specifically. Accordingly, the Court denies Qualys' motion to strike these theories, without prejudice to renewal should Qualys demonstrate that vulnerability scanning is not "based" on requests for content by the client device.
The parties further dispute the location of the disclosed "receiver," the use of multiple components together, the distinction between the Internet and other "networks," and Cloud Agents. These additional disputes obscure Qualys' main point.
D. Date of First Infringement
Qualys seeks to preclude Dr. Medvidovic from testifying that infringement occurred "no earlier than 2005" (implying that infringement could have occurred in 2005 or later). (Medvidovic Report ¶ 21.) In its contentions, Finjan listed November 29, 2018 as the theoretical date of first infringement. (Dkt. No. 100-1 at 11.) This is plainly a new theory and is struck. Finjan's claim that Dr. Medvidovic's opinion is not about the date of first infringement is disingenuous—the heading in the report states "Date of First Infringement." (See Medvidovic Report § IV.A.) However, the Court sees no basis to strike the opinions about current functionality of Qualys products, which are not related to dates of infringement. (Id. ¶¶ 262, 277-83.)
Accordingly, the Court strikes paragraphs 21 and 22 only.
E. Doctrine of Equivalents
Qualys next moves Dr. Medvidovic's doctrine of equivalents theory for the limitation regarding a programming-language specific scanner containing parser rules for the language (limitation 1d). (Medvidovic Report ¶¶ 250-53.) Dr. Medvidovic opines that the Qualys Cloud Platform performs the same function, in the same way, and with the same results (the "function-way-result" test) through software components that take the place of a physical scanner. (Id.) In its contentions, Finjan disclosed this exact theory. (See Contentions at 13 (referring to software components).) Although Qualys claims these contentions to be "vague," they are only a little less detailed than Dr. Medvidovic's ultimate opinions.
Accordingly, the Court denies Qualys' request to strike the doctrine of equivalents theory.
F. Foreign Sales
Qualys last moves Finjan's experts' opinions related to foreign sales, including paragraphs 172-74 of the Medvidovic Report; paragraphs 1186, 1188-89, and 1871-73 of the Cole Report; and paragraphs 8c, 13, 78, 87, 126, Tables 7 and 8, and Attachments B-1, B-2, B-4, B-5, B-6, B-8, C-2, and J-1 of the McDuff Report.
The issue of foreign sales has already been decided: Magistrate Judge Hixson denied Finjan's motion to compel discovery into Qualys' foreign sales as unsupported by its infringement claims, and this Court agreed. (See Dkt. Nos. 105, 152.) As explained by Judge Hixson, "no infringement occurs when a patented product is made and sold in another country." (Dkt. No. 105 at 1.) This is true for both system and computer-readable medium claims. (Dkt. No. 152 at 2.) Finjan's infringement theories, as stated in its contentions, did not show infringement for products sold abroad, so as to make such sales relevant to any claim.
Finjan now argues that these decisions "did not remove the subject of 'foreign sales' from the scope of trial" because the orders were based on theories of "mere development" of the accused products in the United States. This claim is baffling. The orders were based on infringement theories disclosed in Finjan's infringement contentions. To the extent that Finjan now relies on a different theory, it was not disclosed in contentions. To the extent that it relies on the old theory, foreign sales are not relevant.
Finjan's experts appear to opine that foreign sales are relevant because non-U.S. customers "benefit" from Qualys' U.S.-based infringement. Dr. Medvidovic and Dr. Cole opine that U.S. activities contribute to the "Knowledge Base" of security issues, which increases the value of Qualys' products abroad. (Medvidovic Report ¶ 173; Cole Report ¶ 1188.) They also opine that foreign customers benefit from the research and development that takes place in the United States. (Medvidovic report ¶ 174; Cole Report ¶ 1189.) As explained in the prior orders, however, Finjan has not shown that these activities constitute infringement, so as to permit considering foreign sales in damages calculations—and, indeed, the Court previously rejected the U.S. development argument. (Dkt. No. 152.) Accordingly, these opinions, together with Dr. McDuff's opinions that consider global sales in a reasonable royalty analysis, are struck.
IV. CONCLUSION
For the foregoing reasons, the Court STRIKES Dr. Medvidovic's date of first infringement (¶¶ 21, 22), Unified Dashboard (¶¶ 267-74), and Mandate Based Reporting (¶¶ 291-92) theories. The Court further strikes Finjan's experts' theories related to foreign sales, including:
• Paragraphs 172-74 of the Medvidovic Report;
• Paragraphs 1186, 1188-89, and 1871-73 of the Cole Report; and
• Paragraphs 8c, 13, 78, 87, 126; Tables 7 and 8; and Attachments B-1, B-2, B-4, B-5, B-6, B-8, C-2, and J-1 of the McDuff Report (global sales only).
The remainder of Qualys' motion to strike is DENIED.
The parties' administrative motions to seal are GRANTED to the extent indicated in the supporting declarations only. (Dkt. Nos. 156, 157, 163; see Dkt. Nos. 156-1, 157-1, 161, 165, 166-67.) The sealed portions contain confidential licensing and financial information, as well as some technical information. The parties shall file unredacted versions of the exhibits for which good cause has not been shown (e.g., exhibits F and G of the opposition) within seven days. --------
IT IS SO ORDERED. Dated: April 5, 2021
/s/ _________
YVONNE GONZALEZ ROGERS
UNITED STATES DISTRICT COURT JUDGE