From Casetext: Smarter Legal Research

Finjan, Inc. v. Sophos Inc.

UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA
Mar 2, 2015
Case No. 14-cv-01197-WHO (N.D. Cal. Mar. 2, 2015)

Summary

finding arguments raised for the first time at Markman hearing, but not included in briefing, were waived

Summary of this case from Protegrity USA, Inc. v. Netskope, Inc.

Opinion

Case No. 14-cv-01197-WHO

03-02-2015

FINJAN, INC., Plaintiff, v. SOPHOS, INC., Defendant.


CLAIM CONSTRUCTION ORDER

Re: Dkt. No. 58

INTRODUCTION

Plaintiff Finjan, Inc. alleges that defendant Sophos, Inc. has infringed eight of its patents relating to antivirus software. The parties have requested that I construe five claim terms or elements in four of the patents at issue: the 8,677,494 patent, the 7,613,926 patent, the 7,613,918 patent, and the 6,154,844 patent. Based on the parties' briefs and oral argument of counsel, I construe the disputed terms as set forth below.

LEGAL STANDARD

Claim construction is required only when there is a disagreement as to the meaning or scope of technical terms and words of art, which the court must resolve in order to determine the issues before it. Eli Lilly & Co. v. Aradigm Corp., 376 F.3d 1352, 1360 (Fed. Cir. 2004). When the parties raise a dispute regarding the proper scope of patent claims, the court and not the jury must resolve that dispute. Markman v. Westview Instruments, Inc., 52 F.3d 967, 979 (Fed. Cir. 1995) (en banc), aff'd 517 U.S. 370 (1996) (holding that claim construction is a matter of law).

Terms of a claim are generally given their ordinary and customary meaning. O2 Micro Int'l Ltd. v. Beyond Innovation Tech. Co., 521 F.3d 1351, 1360 (Fed. Cir. 2008). "In some cases, the ordinary meaning of claim language . . . may be readily apparent even to lay judges, and claim construction in such cases involves little more than the application of the widely accepted meaning of commonly understood words." Id. at 1360. Words that are not technical terms of art may not need construction at all. Brown v. 3M, 265 F.3d 1349, 1352 (Fed. Cir. 2001). "In such circumstances, general purpose dictionaries may be helpful." Phillips v. AWH Corp., 415 F.3d 1303, 1314 (Fed. Cir. 2005).

The "ordinary and customary meaning" is "the meaning a term would have to a person of ordinary skill in the art after reviewing the intrinsic record at the time of the invention." O2 Micro, 521 F.3d at 1360. This includes "not only in the context of the particular claim in which the disputed term appears, but in the context of the entire patent, including the specification." Phillips, 415 F.3d at 1313. Intrinsic evidence "is the most significant source of the legally operative meaning of disputed claim language." Vitronics Corp. v. Conceptronic, Inc., 90 F.3d 1576, 1582 (Fed. Cir. 1996).

"However, in many cases, the meaning of a claim term as understood by persons of skill in the art is not readily apparent." O2 Micro, 521 F.3d at 1360. Courts look to "sources available to the public that show what a person of skill in the art would have understood disputed claim language to mean." Phillips, 415 F.3d at 1314 (internal citations and quotations omitted). In addition to the particular claim and the rest of the patent, these sources include "the prosecution history, and extrinsic evidence concerning relevant scientific principles, the meaning of technical terms, and the state of the art." Id. However, extrinsic evidence should be considered only after consideration of intrinsic evidence, as it is less reliable and persuasive than intrinsic evidence. Vitrionics, 90 F.3d at 1582-84. In addition, "[c]ases about patent validity are authoritative on the issue of claim construction." Markman, 52 F.3d at 996 n.7.

Courts depart from the "ordinary and customary meaning" of a term in two circumstances. Thorner v. Sony Computer Entm't Am. LLC, 669 F.3d 1362, 1365 (Fed. Cir. 2012). First, the court will disregard the ordinary and customary meaning of a term where "a patentee sets out a definition and acts as his own lexicographer." Id. Second, the court will alter its interpretation of a term "when the patentee disavows the full scope of a claim term either in the specification or during prosecution." Id. Embodiments from the specification generally should not be imported into the claims in order to limit the claims. Toshiba Corp. v. Imation Corp., 681 F.3d 1358, 1369 (Fed. Cir. 2012).

DISCUSSION

In addition to the claims discussed, the parties also initially disputed the construction of the terms "security context" in the '918 patent, "certificate creator" in the '580 patent, and "protocol appender" in the '580 patent. The parties now agree that "certificate creator" and "protocol appender" do not require construction, see Dkt. No. 60 at 17, and that "security context" should be construed as "an environment in which a software application is run, which may limit resources that the application is permitted to access or operations that the application is permitted to perform." See id. at 14; Dkt. No. 62 at 14. I discuss the remaining terms at issue in turn.

I. CONSTRUCTION OF TERMS IN THE '926 AND '494 PATENTS

The '494 and the '926 patents are largely identical, as '494 is a continuation of '926. See '494 patent at 1:7-15 (Dkt. No. 58-9). The '494 patent provides for "malicious mobile code runtime monitoring system and methods" and the '926 patent protects a "method and system for protecting a computer and a network from hostile Downloadables." Id. at 1; '926 patent 1 (Dkt. No. 58-5). Both patents provide "[p]rotection systems and methods [] for protecting one or more personal computers ("PCs") and/or other intermittently or persistently network accessible devices or processes from undesirable or otherwise malicious operations . . ." '494 patent at 1; '926 patent 1.

A. "Database" ('926 patent, claim 22;'494 patent, claims 1,10)

Finjan's proposed

construction

Sophos's proposed

construction

Court's construction

A collection of interrelated

data organized according to a

database schema to serve one

or more applications

No construction necessary

A collection of interrelated

data organized according to a

database schema to serve one

or more applications


Finjan contends that its proposed construction is in line with the plain and ordinary meaning of the term "database." It takes its language from the IBM Dictionary of Computing, which defines "database" in identical terms as "[a] collection of interrelated data organized according to a database schema to serve one or more applications." See Dkt. No. 58 at 10.

Sophos contends that no construction of the term "database" is necessary. Dkt. No. 60 at 2. It asserts that the '926 and '494 patents did not define the term or give it any special meaning. Id. As an alternative construction, Sophos also cites to the definition of "database" in the IEEE Standard Dictionary of Electrical and Electronic Terms as the plain and ordinary meaning of the term: "a collection of logically related data stored together in one or more computerized files." Id. at 3; Tr. 5 (Dkt. No. 72).

The parties do not appear to seriously dispute the definition of the term "database." Although Finjan's definition of the term is slightly broader than that of Sophos, requiring that the information in a database "serve one or more applications," both parties agree upon the basic definition. Compare Dkt. No. 58 at 10 (Finjan's definition of "database" as taken from the IBM Dictionary of Computing), with Dkt. No. 60 at 3 (Sophos's contention that "database" connotes a "structured way to store data in a computer" (emphasis added)). During oral argument, counsel for Sophos indicated that it accepted the definition "a collection of interrelated data structures," which was "almost identical" to Sophos's proposed alternative construction. Tr. 15. Sophos also proposed an alternative construction, taken from the IEEE Standard Dictionary of Electrical and Electronic Terms, of "a collection of logically related data stored together in one or more computerized files." Dkt. No. 60 at 3.

Ultimately, the parties' disagreement centers on whether "database" includes "simple files, such as a log file." Dkt No. 58 at 10. While Sophos contends that a log file is included within the definition of database, Finjan claims that it is not. According to Finjan, a log file is unstructured collection of data on a computer. Id. at 11. Sophos argues that a log file, such as the "events log" described in the patent, is a collection of logically related data stored together and thus a database. Dkt. No. 60 at 3.

The term "database" should be construed because the parties dispute the categorization of "log file" as a "database," and because the term is sufficiently technical in the context of this patent that a construction would aid the jury. Moreover, although at least one court has declined to construe the term "database," see MOAEC, Inc. v. Pandora Media, Inc., No. 07-CV-654-BBC, 2008 WL 4500704, at *6 (W.D. Wis. Sept. 30, 2008) ("I conclude that the term "database" . . . does not need construction because its plain and ordinary meaning is easily discernible from the claim language"), many courts have chosen to construe the term. See, e.g., Select Retrieval LLC v. Amerimark Direct LLC, No. 1:11-CV-00812-RGA, 2014 WL 1092387, at *1 (D. Del. Mar. 14, 2014) (rejecting argument that "database" need not be construed); see also Transcenic, Inc. v. Google Inc. , 7 F. Supp. 3d 405, 411 (D. Del. 2013); Clear With Computers, LLC v. Hyundai Motor Am., Inc., No. 6:09 CV 479, 2011 WL 43454, at *6 (E.D. Tex. Jan. 5, 2011); Timeline, Inc. v. Proclarity Corp., No. C05-1013JLR, 2006 WL 6143242, at *11 (W.D. Wash. June 29, 2006); Soverain Software LLC v. Amazon.com, Inc., No. 6:04-CV-14, 2005 WL 6225276, at *10 (E.D. Tex. Apr. 7, 2005).

The specifications of the '494 and '926 patents are identical. Neither patent defines the term "database," and there is no evidence that Finjan "disavow[ed] the full scope of a claim term either in the specification or during prosecution." Thorner, 669 F.3d at 1365. Thus, the plain and ordinary meaning to a person skilled in the art should prevail.

The claims at issue refer to a "database" of "Downloadable security profiles indexed according to Downloadable IDs." '926 patent at 22:26-28. A database manager uses the database to retrieve security profile data for an incoming Downloadable. Id. at 22:25-28. This language supports Finjan's definition of the term "database." The database indexes information according to a database schema (Downloadable IDs) and serves an application (a database manager) in the antivirus process.

The specification mentions a "database" twice. First, it refers to a "protected destination set, such as a protected destinations list, array, database, etc." where received information is sent. Id. at 9:54-55 (emphasis added). Second, it mentions "[a]ny suitable explicit or referencing list, database or other storage structure(s) or storage structure configuration(s)" that "can [] be utilized to implement a suitable user/device based protection scheme . . . or other desired protection schema." Id. at 16:51-55 (emphasis added). These references indicate that a database is used as an information source that serves protection engines when they inspect Downloadables.

Although Sophos asserts that the '926 specification compares a database to a "list or array," indicating that it should be understood broadly enough to encompass simple files such as a log file, see Dkt. No. 60 at 3, I find this argument unpersuasive. The fact that a database is listed along with more simple files does not mean that the database includes or is equated with these types of files. In fact, one could argue that this list serves to further differentiate a database from simpler files. Because this argument goes either way, the first reference to "database" in the '926 patent does not provide significant guidance.

The '780 patent, of which the '494 and '926 patents are continuations, reflects the same understanding of database in its reference to a "security database." It states that: "[t]he security program 255 operates in conjunction with the security database [], which includes security policies [], known Downloadables [], known Certificates []and Downloadable Security Profile (DSP) data []corresponding to the known Downloadables." '780 patent at 4:23-27 (Dkt. No. 58-3) (emphasis added). Essentially, the security database stores "security information for determining whether a received Downloadable is to be deemed suspicious." Id. at 3:57-59. The '780 patent also refers to an "event log," stating that it "includes determination results for each Downloadable examined and runtime indications of the internal network security system." Id. at 3:62-64. Later on, the patent refers several times to the event log as storing status reports for subsequent review. Id. at 4:22-9:27.

The patent's language and context supports Finjan's definition of a database. The specifications illustrate that a "database" serves applications, a characteristic that is not included in Sophos's definition. The fact that a database assists applications also undermines Sophos's argument that a log file is a database, because a log file is more properly understood as a passive record, instead of a storage device that interacts with an application. The '780 patent also differentiates between log files and "databases" by referring to them separately.

In addition, Finjan's expert, Nenad Medvidovic, states that a person of ordinary skill in the art would understand "database" to mean "a collection of interrelated data organized according to a database schema to serve one or more applications." Dkt. No. 58-12 at 13. Medvidovic further states that "[a] person would understand a simple log file is not a database because it is not structured like a database . . . A database, on the other hand, is a structured software component that allows user and other software components to store and retrieve data in an efficient manner." Id. Sophos does not present a competing expert opinion. Medvidovic's definition appears reasonable when compared to the language of the patent and the definitions from computing dictionaries such as the IBM Dictionary of Computing and the IEEE Standard Dictionary of Electrical and Electronics Terms.

The practical import of adopting the IEEE definition or the IBM definition cited by the parties is largely the same, as both definitions appear to exclude "log files." The IBM definition requires that a database have a given structure or that it serve one or more applications. The IEEE definition requires that the data be "logically related" or accessible by users or programs via a database management system. By contrast, a log file records information independently of any logic. Similarly, a log file is not used by applications in performing functions, but is reviewed by a user or other program. As suggested by the language of the patents, the term "database" is not broad enough to include a log file.

I am persuaded by Finjan's assertion that "[t]he claim language of the asserted patents all relate to the storage of data within the database in the context of the security profile or the downloadable security profile. The system actively uses these security profiles to detect malware and manage the system, not just for archival storage." Dkt. No. 58 at 11 (citations omitted). Therefore, I find that a log file does not qualify as a database in the context of this patent. Because Finjan's definition appears to reflect both the context of the patent as well as a well-accepted definition of the term, I adopt Finjan's construction of "database."

II. CONSTRUCTION OF TERMS IN THE '918 PATENT

The '918 patent describes a "system and method for enforcing a security context on a Downloadable." '918 patent at 1 (Dkt. No. 58-4). It provides a method for computer security, including receiving a Downloadable, deriving a security profile for it, and processing it in accordance with a security context. Id.

A. "CODE-C" ('918 patent, claims 12, 22)

Finjan's proposed

construction

Sophos's proposed

construction

Court's construction

Combined code

Combined code created at the

gateway computer

Combined code


As Finjan points out, "CODE-C is a term coined by Finjan for the '918 Patent and has no readily understood meaning outside the context of the '918 Patent and claims." Dkt. No. 58 at 8. Sophos seeks to limit the term as imposing a requirement that CODE-C be created at the gateway computer. Alternatively, Sophos states that it could "accept a construction with appropriately limiting language that is in accord with the intrinsic record, i.e., 'CODE-C means combined code not created by the client computer.'" Dkt. No. 60 at 14. In support of its position, it argues that: (i) the purpose of the technology depends upon preventing viruses from entering a computer network to begin with, and that the process cannot take place on a client computer; (ii) the patent does not require that security software be installed on a client computer; and (iii) "every disclosed embodiment requires CODE-C . . . be created at a gateway computer," thus expressing an intention to limit the claim scope. Id. at 11-13.

Sophos's first argument regarding the purpose of the technology misstates the language of the patent. In describing the creation of CODE-C, the patent abstract does not mention a gateway computer. '918 patent at 1. Although it anticipates a computer network as opposed to a single computer, it does not strictly require that the patent be executed on a network of multiple computers.

Second, Sophos refers to the statement in the patent that "[t]he present invention has several advantages, including . . . [that] [t]he present invention does not require installation of security software on a client computer." Id. at 11:12-19. But this language does not exclude the possibility of installation on a client computer, and the fact that a patent may have a certain advantage in one area does not require the Court to limit its application to that area.

Sophos's third argument, that the patent's description expresses an intent to limit the scope of "CODE-C" to gateway and/or non-client computers, relies upon the principle "[c]laims must be read in view of the specification, of which they are a part." SciMed Life Sys., Inc. v. Advanced Cardiovascular Sys., Inc., 242 F.3d 1337, 1340 (Fed. Cir. 2001) (internal citations and quotations omitted). In this case, the embodiments of the patent involve CODE-C being created at a computer separate from the destination or client computer - at a "gateway computer." By this logic, the specification may limit the scope of the term "CODE-C."

At the same time, there is a competing construction principle that provides that "it is axiomatic that without more the court will not limit claim terms to a preferred embodiment described in the specification." SanDisk Corp. v. Memorex Products, Inc., 415 F.3d 1278, 1286 (Fed. Cir. 2005). When examining the embodiments in the patent specification, it becomes clear that this case is more akin to cases where courts have declined to limit a patent claim to its embodiment than to the cases cited by Sophos, which find that patent descriptions and embodiments may limit a claim. In Sophos's cases, the specification did not leave room for other embodiments of the invention or otherwise disavowed a broader construction of the term at issue. For example, in Toro Co. v. White Consolidated Industries, Inc., the court stated that "[t]he claim word . . . is not construed in a lexicographic vacuum, but in the context of the specification and drawings." 199 F.3d 1295, 1301 (Fed. Cir. 1999). It noted that the specification at issue did "not describe an invention broader than this description [of the claim term]. . . Nowhere in the specification, including its twenty-one drawings, is the [broader definition of the term adopted]." Id.; see also Wang Labs., Inc. v. Am. Online, Inc., 197 F.3d 1377, 1383 (Fed. Cir. 1999).

In this case, the patent repeatedly refers to a "preferred embodiment" and states that:

[T]he invention has been described with reference to specific exemplary embodiments thereof . . . various modifications and changes may be made to the specific exemplary embodiments without departing from the broader spirit and scope of the invention as set forth in the appended claims. Accordingly, the specification and drawings are to be regarded in an illustrative rather than a restrictive sense.
'918 patent at 11:39-46. The patent description does not contemplate only computer networks with a gateway computer. There is also no compelling indication that the patent description disavows the construction of the term "CODE-C" as it is defined in the claim. For these reasons, I disagree with Sophos's argument that the patent exhibits a "clear intention to limit the claim scope." Dkt. No. 60 at 13.

In addition, the patentee may act as his own lexicographer. See Thorner, 669 F.3d at 1365. Claim 12 and the patent specification explicitly define CODE-C as "combined code." Claim 22 describes CODE-C as executable code consisting of "(i) wrapper executable code ("CODE-B"), (ii) potentially malicious executable code ("CODE-A"), and (iii) information about a computer account for CODE-A . . . ." '918 patent at 13:42-45. These definitions do not require that CODE- C be created at a gateway computer.

The language of the claims undermines Sophos's limitation of the term "CODE-C." Claim 22 states that CODE-C is "download[ed], by a computer . . ." Id. at 13:41. Although the patent drafter could have specified that this computer was a gateway computer or a non-client computer, as it did in Claim 12, it did not. See id. at 12:32 (referring to "[a] computer security system for a gateway computer.").

During oral argument, Sophos argued for the first time that the patent's prosecution history evinced an intent to limit CODE-C's creation to a non-client computer. Tr. 7-9. But the cited language discusses a part of the claim that is distinct from the term CODE-C, and Sophos's last-minute argument does not alter my construction.
--------

For these reasons, the patent language supports Finjan's and not Sophos's construction of the term "CODE-C." Nothing about the definition or discussion of CODE-C itself indicates that CODE-C cannot be created on the client computer. I adopt Finjan's construction in accordance with both the specification and the patent's own definition of the term.

III. MEANS-PLUS-FUNCTION TERMS IN THE '844 PATENT

If a claim uses the word "means," courts apply a presumption that a means-function analysis under section 112 ¶ 6, now 112(f), applies. Cross Med. Products, Inc. v. Medtronic Sofamor Danek, Inc., 424 F.3d 1293, 1303 (Fed. Cir. 2005). In this case, neither party disputes that section 112(f) applies. See Dkt. No. 58 at 12-13; Dkt. No. 60 at 9. 35 U.S.C. § 112(f) states that: "[a]n element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof." 35 U.S.C.A. § 112(f).

Claim construction of a means-plus-function limitation includes two steps. "First, the court must determine the claimed function." Applied Med. Res. Corp. v. U.S. Surgical Corp., 448 F.3d 1324, 1332 (Fed. Cir. 2006) (internal citations and quotations omitted). "The second step in the analysis is to look to the specification and identify the corresponding structure for that function. Under this second step, structure disclosed in the specification is 'corresponding' structure only if the specification or prosecution history clearly links or associates that structure to the function recited in the claim. " Med. Instrumentation & Diagnostics Corp. v. Elekta AB, 344 F.3d 1205, 1210 (Fed. Cir. 2003) (internal citations and quotations omitted). "The duty of a patentee to clearly link or associate structure with the claimed function is the quid pro quo for allowing the patentee to express the claim in terms of function under section 112, paragraph 6." Id. at 1211.

Section 112(f) "was intended to permit the use of means expressions in patent claims" without requiring the patentee to recite all possible structures that could be used as means in the claimed apparatus." O.I. Corp. v. Tekmar Co., 115 F.3d 1576, 1583 (Fed. Cir. 1997). However, "[t]he price that must be paid for use of that convenience is limitation of the claim to the means specified in the written description and equivalents thereof." Id. If the specification does not sufficiently identify the structure that corresponds to the function, then the claim fails for indefiniteness. Med. Instrumentation & Diagnostics Corp., 344 F.3d at 1211. "The requirement that the claims particularly point[] out and distinctly claim[] the invention is met when a person experienced in the field of the invention would understand the scope of the subject matter that is patented when the claim is read in conjunction with the rest of the specification." Id. (internal citations and quotations omitted).

The Federal Circuit has further stated that "[i]n cases involving a computer-implemented invention in which the inventor has invoked means-plus-function claiming, this court has consistently required that the structure disclosed in the specification be more than simply a general purpose computer or microprocessor." Aristocrat Technologies Australia Pty Ltd. v. Int'l Game Tech., 521 F.3d 1328, 1333 (Fed. Cir. 2008). If the structure involves a computer or a microprocessor, the patent must disclose the algorithm that differentiates the microprocessor from others. Id. However, the algorithm need not always be "highly detailed." Id. at 1338; see also Ergo Licensing, LLC v. CareFusion 303, Inc., 673 F.3d 1361, 1364 (Fed. Cir. 2012).

The '844 patent provides a "system and method for attaching a Downloadable security profile to a Downloadable." '844 patent at 1 (Dkt. No. 58-2). Claim 43 has three limitations that are means-plus-function limitations: (i) "means for receiving a Downloadable;" (ii) "means for generating a first Downloadable security profile that identifies suspicious code in the received Downloadable;" and (iii) "means for generating a first Downloadable security profile that identifies suspicious code in the received Downloadable."

A. "Means for receiving a Downloadable" ('844 patent, claim 43)

Finjan's proposed

construction

Sophos's proposed

construction

Court's construction

Function: receiving a

Downloadable

Structure: Downloadable file

interceptor

Indefinite

Function: receiving a

Downloadable

Structure: Downloadable file

interceptor


The parties do not dispute that the claimed function is "receiving a Downloadable." Instead, the issue relates to the corresponding structure that performs the function. In its briefs, Sophos argued that "means for receiving a Downloadable" is indefinite. See Dkt. No. 60 at 8. It contended that Finjan's proposed structure, a Downloadable file interceptor, is a general purpose microprocessor "programmed to perform an algorithm to 'receiv[e] a downloadable.'" Id. at 6. Sophos asserted that the patent does not disclose any algorithm used by the Downloadable file interceptor to perform its function.

At the Markman hearing, Sophos conceded for the first time that there was a structure corresponding to "means for receiving a Downloadable." Tr. 21. However, it did not agree that that structure was a "Downloadable file interceptor." Id. Sophos's new argument during the hearing was inappropriate. Sophos itself acknowledged that waiver would apply if it "chang[ed] the scope of [its] argument" instead of simply "citing additional evidence." Id. at 19. At the hearing, it apparently abandoned the argument it made in its briefs in favor of an entirely new argument. I will not consider these arguments. See Fujitsu Ltd. V. Belkin Int'l, Inc., No. 10-CV-0392-LHK, 2012 WL 368574, at *6 (N.D. Cal. Feb. 3, 2012 ("Ordinarily, the Court would find that any arguments not made in the claim construction briefing have been waived and may not be raised for the first time at the Markman hearing."). However, I note that Sophos's new argument is unpersuasive because the structure for "means for receiving a Downloadable" is unambiguous: the Downloadable file interceptor.

The claim refers to the "means for receiving a Downloadable" as part of an "inspector system" that examines incoming files. '844 patent at 14:35-42. The claim specification describes an inspector that "includes a content inspection engine [] for examining a received Downloadable, e.g., the signed Downloadable received from the developer [], for generating a Downloadable Security Profile (DSP) based on a rules base [] for the Downloadable, and for attaching the DSP to the Downloadable." Id. at 3:66-4:4. Figure 4 of the specification represents the inspector. See id. at Fig. 4. This figure does not include a Downloadable file interceptor. Id. at Fig. 4, 6:66-7:40.

"Downloadable file interceptor" is mentioned in the patent specification three times. Figure 5 labels a "Downloadable file interceptor" in a flow chart. Id. at Fig. 5. In discussing this figure, the patent specification states that Figure 5 represents "a generic protection engine [], which . . . includes a Downloadable file interceptor 505 for intercepting incoming Downloadables (i.e. Downloadable files) for inspection, and a file reader . . . ." Id. at 7:41-58 (emphasis added). The only other mention of the term "Downloadable file interceptor" is in the patent's discussion of Figure 7, described as "a flowchart illustrating a method 700 for examining a Downloadable (whether or not signed and inspected). Id. at Fig. 7, 9:19-22. The method 700 "begins with the Downloadable file interceptor 505 in step 705 receiving a Downloadable file" Id. (emphasis added). The clear terms of the patent therefore designate the Downloadable file interceptor as the structure that performs the function "receiving a Downloadable."

Finjan appears to concede that the Downloadable file interceptor is a general purpose microprocessor. Dkt. No. 62 at 10-11. Therefore, the structure must either disclose an algorithm by which it performs its function or fall under an exception to this general rule. See, e.g., Blackboard, Inc. v. Desire2Learn, Inc., 574 F.3d 1371, 1382 (Fed. Cir. 2009); see also Ergo LLC, 673 F.3d at 1363-64.

Finjan cites In re Katz Interactive Call Processing Patent Litigation, 639 F.3d 1303, 1316 (Fed. Cir. 2011), which establishes an exception that provides that a patent need not disclose an algorithm for a general purpose microprocessor. Dkt. No. 62 at 11. Katz states that "[a]bsent a possible narrower construction of the terms 'processing,' 'receiving,' and 'storing,' discussed below, those functions can be achieved by any general purpose computer without special programming. As such, it [is] not necessary to disclose more structure than the general purpose processor that performs those functions." Katz, 639 F.3d at 1316.

Other courts have followed Katz in finding that "means for receiving" functions are not indefinite where they fail to specify an algorithm. See Freeny v. Murphy USA Inc., No. 2:13-CV-791-RSP, 2015 WL 294102, at *37 (E.D. Tex. Jan. 21, 2015) ("means for receiving" data does not need algorithm); e-LYNXX Corp. v. Innerworkings, Inc., No. 1:10-CV-2535, 2012 WL 4484921, at *19 (M.D. Pa. Sept. 27, 2012) ("means for receiving an electronic communication" does not require disclosed algorithm); but see Porto Tech. Co. v. Cellco P'ship, No. 3:13CV265-HEH, 2013 WL 6571844, at *6-7 (E.D. Va. Dec. 13, 2013) ("means for receiving" traffic map does not fall under Katz exception).

The patent's context demonstrates that no specific computer-implemented functions are necessary to receive a Downloadable. "Receiving a Downloadable" is a simple function that consists of accepting or intercepting downloaded content when it is initially downloaded and before more complex operations process the file. From the descriptions in the patent, it does not appear that the word "receiving" has a narrower reading than the plain and ordinary meaning. Therefore, the patent does not need to specify an algorithm. Under Katz, which governs in this case, this element is not indefinite since any general purpose microprocessor could "receive a Downloadable."

B. "Means for generating a first Downloadable security profile that identifies suspicious code in the received Downloadable" and "means for linking the first Downloadable security profile to the Downloadable before a web server makes the Downloadable available to web clients"

Finjan's proposed

construction

Sophos's proposed

construction

Court's construction

Governed by 35 U.S.C. §

112(6):

Function: generating a first

Downloadable security profile

that identifies suspicious code

in the received Downloadable

Structure: content inspection

engine

Indefinite

Governed by 35 U.S.C. §

112(6):

Function: generating a first

Downloadable security profile

that identifies suspicious code

in the received Downloadable

Structure: content inspection

engine

Governed by 35 U.S.C. §

112(6):

Function: linking the first

Indefinite

Governed by 35 U.S.C. §

112(6):

Function: linking the first



Downloadable security profile

to the Downloadable before a

web server makes the

Downloadable available to

web clients

Structure: content inspection

engine

Downloadable security profile

to the Downloadable before a

web server makes the

Downloadable available to

web clients

Structure: content inspection

engine


Once again, the parties do not dispute that the functions of these claims are respectively (i) "generating a first Downloadable security profile that identifies suspicious code in the received Downloadable," and (ii) "linking the first Downloadable security profile to the Downloadable before a web server makes the Downloadable available to web clients." However, they differ on whether the structure for these functions is sufficiently definite.

Sophos contends that Finjan's proposed structure, "content inspection engine," is not described with sufficient specificity in the patent. Dkt. No. 60 at 8. It further argues that there is no algorithm that explains how the content inspection engine generates a Downloadable security profile or links the first Downloadable security profile to the Downloadable. Id. at 9-10. Sophos "submits [that] in the alternative, the Court can construe the corresponding structure of [the second] limitation to be: processor 405 + signal bus 410 + data storage device 430 + internal storage 435 + and an algorithm . . . ." Dkt. No. 60 at 9.

Finjan's proposed structure in this case, "content inspection engine," is mentioned many times in the patent specification. The overall function and structure of the content inspection engine is described in the summary of the invention as follows:

The inspector includes a content inspection engine that uses a set of rules to generate a Downloadable security profile corresponding to a Downloadable. The content inspection engine links the Downloadable security profile to the Downloadable. The set of rules may include a list of suspicious operations, or a list of suspicious code patterns. The first content inspection engine may link to the Downloadable a certificate that identifies the content inspection engine which created the Downloadable security profile. The system may include additional content inspection engines for generating and linking additional Downloadable security profiles to the Downloadable.
'844 patent at 2:3-14 (emphasis added). This plainly indicates that the content inspection engine performs the function of "generating a first Downloadable security profile that identifies suspicious code in the received Downloadable." See id. at 2:51-52; see also id. at 2:3-5 ("a content inspection engine . . . uses a set of rules to generate a Downloadable security profile"). Similarly, it is clear that the content inspection engine "links the Downloadable security profile to the Downloadable." Id. at 2:6-7.

In discussing the preferred embodiment, the patent describes with further specificity how the content inspection engine operates. This essentially involves running a "digital hash" or mapping function on the Downloadable's code in order to determine what types of code are contained in the Downloadable. Id. at 4:35-58. The patent discusses this hash and the process of generating a Downloadable ID:

The content inspection engine 160 preferably prefetches all components embodied in or identified by the code for Downloadable ID generation. For example, the content inspection engine 160 may prefetch all classes embodied in or identified by the Java™ applet bytecode, and then may perform a predetermined digital hash on the Downloadable code (and the retrieved components) to generate the Downloadable ID. Similarly, the content inspection engine 160 may retrieve all components listed in the .INF file for an ActiveX™ control to compute a Downloadable ID.
Id. at 4:42-51. Here, the proposed structure is described in substantial detail and provides an algorithm that distinguishes it from other microprocessors or computers. Finjan's expert, Medvicovic, states that a person ordinarily skilled in the art would understand with reasonable certainty that the content inspection engine performs the proffered functions. Dkt. No. 58-12 at 5, 8. See Stamps.com Inc. v. Endicia, Inc., 437 F. App'x 897, 911 (Fed. Cir. 2011) ("In software cases . . . algorithms in the specification need only disclose adequate defining structure to render the bounds of the claim understandable to one of ordinary skill in the art.").

As above, the fact that the patent clearly designates the "content inspection engine" as the corresponding structure defeats Sophos's alternative construction. The patent adequately designates the structure for the functions of "generating a first Downloadable security profile that identifies suspicious code in the received Downloadable" and "linking the first Downloadable security profile to the Downloadable before a web server makes the Downloadable available to web clients." This structure is not indefinite, and I adopt Finjan's proposed construction.

CONCLUSION

For the reasons above, I construe the disputed terms as follows:

"Database" as used in claim 22 of the '926 patent and claims 1 and 10 of the '494 patent is defined as: "a collection of interrelated data organized according to a database schema to serve one or more applications."

"CODE-C" as used in claims 12 and 22 of the '918 patent is defined as: "combined code."

"Means for receiving a Downloadable" in claim 43 of the '844 patent is a means-plus-function limitation, in which the function is "receiving a Downloadable," and the corresponding structure is "Downloadable file interceptor."

"Means for generating a first Downloadable security profile that identifies suspicious code in the received Downloadable" is a means-plus-function limitation, in which the function is "generating a first Downloadable security profile that identifies suspicious code in the received Downloadable," and the corresponding structure is "content inspection engine."

"Means for linking the first Downloadable security profile to the Downloadable before a web server makes the Downloadable available to web clients" is a means-plus-function limitation, in which the function is "linking the first Downloadable security profile to the Downloadable before a web server makes the Downloadable available to web clients" and the corresponding structure is "content inspection engine."

IT IS SO ORDERED. Dated: March 2, 2015

/s/_________

WILLIAM H. ORRICK

United States District Judge


Summaries of

Finjan, Inc. v. Sophos Inc.

UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA
Mar 2, 2015
Case No. 14-cv-01197-WHO (N.D. Cal. Mar. 2, 2015)

finding arguments raised for the first time at Markman hearing, but not included in briefing, were waived

Summary of this case from Protegrity USA, Inc. v. Netskope, Inc.

In Finjan, Inc. v. Sophos, Inc., No. 14-CV-01197-WHO, 2015 WL 890621, at *2-4 (N.D. Cal. Mar. 2, 2015), Judge Orrick adopted Finjan's identical proposed construction of "database" in the same patents at issue here, on the ground that this construction reflects the patents' "context" and the "well-accepted definition of the term."

Summary of this case from Finjan, Inc. v. Symantec Corp.
Case details for

Finjan, Inc. v. Sophos Inc.

Case Details

Full title:FINJAN, INC., Plaintiff, v. SOPHOS, INC., Defendant.

Court:UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA

Date published: Mar 2, 2015

Citations

Case No. 14-cv-01197-WHO (N.D. Cal. Mar. 2, 2015)

Citing Cases

Protegrity USA, Inc. v. Netskope, Inc.

As to the term for which a construction was offered at the hearing, the Court need not consider this untimely…

Finjan, Inc. v. Symantec Corp.

As observed by Judge Chen, the Supreme Court has stressed the particular importance of intrajurisdictional…