Case 3:17-cv-05659-WHA Document 154 Filed 07/12/18 Page 1 of 20
`
`
`PAUL ANDRE (State Bar No. 196585)
`pandre@kramerlevin.com
`LISA KOBIALKA (State Bar No. 191404)
`lkobialka@kramerlevin.com
`JAMES HANNAH (State Bar No. 237978)
`jhannah@kramerlevin.com
`KRISTOPHER KASTENS (State Bar No. 254797)
`kkastens@kramerlevin.com
`KRAMER LEVIN NAFTALIS & FRANKEL LLP
`990 Marsh Road
`Menlo Park, CA 94025
`Telephone: (650) 752-1700
`Facsimile: (650) 752-1800
`
`Attorneys for Plaintiff
`FINJAN, INC.
`
`
`IN THE UNITED STATES DISTRICT COURT
`
`FOR THE NORTHERN DISTRICT OF CALIFORNIA
`
`FINJAN, INC., a Delaware Corporation,
`
`
`
`
`
`
`Plaintiff,
`
`v.
`
`SAN FRANCISCO DIVISION
`
`Case No.: 3:17-cv-05659-WHA
`
`PLAINTIFF FINJAN, INC.’S REPLY IN
`SUPPORT OF ITS MOTION FOR
`SUMMARY JUDGMENT OF INRINGEMENT
`OF CLAIM 10 OF U.S. PATENT NO. 8,677,494
`
`Date:
`Time:
`Courtroom:
`Before:
`
`
`
`JUNIPER NETWORKS, INC., a Delaware
`Corporation,
`
`
`Defendant.
`
`
`July 26, 2018
`8:00 a.m.
`Courtroom 12, 19th Floor
`Hon. William Alsup
`
`
`
`
`
`
`REDACTED VERSION OF DOCUMENT SOUGHT TO BE SEALED
`
`REPLY IN SUPPORT OF FINJAN’S MTN. FOR SUM. JUDG.
`
`CASE NO. 3:17-cv-05659-WHA
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`

`

`Case 3:17-cv-05659-WHA Document 154 Filed 07/12/18 Page 2 of 20
`
`
`TABLE OF CONTENTS
`
`Page
`
`I.
`
`CLAIM CONSTRUCTION .......................................................................................................... 1
`
`A.
`
`
`B.
`
`
`
`“database” ...............................................................................................................................1
`
`“Downloadable Scanner” ........................................................................................................2
`
`C.
`
` Suspicious Computer Operations ............................................................................................3
`
`D.
`
` A List of Suspicious Computer Operations ............................................................................4
`
`E.
`
` Database Manager ...................................................................................................................5
`
`II.
`
`INFRINGEMENT......................................................................................................................... 6
`
`
`
` Preamble and Element 10(a) is Met ........................................................................................6 A.
`
`B.
`
` Element 10(b) is Met ..............................................................................................................6
`
`1.
`
` Malware Analysis Pipeline (“MAP”) is a “Downloadable Scanner” ............................6
`
`2.
`
` MAP creates “a list of suspicious computer operations that may be
`attempted by the Downloadable.” ..................................................................................7
`
`
`
` Element 10(c) is Met ...............................................................................................................8 C.
`
`1.
`
` MAP Stores the Downloadable Security Profile (“DSP”) Data in the
`......................................................................................................................8
`
`2.
`
`
`
`The
`
` has a “Database Manager” .................................................................10
`
`CLAIM 10 IS ELIGIBLE UNDER 35 U.S.C. § 101.................................................................. 11
`
`FINJAN COMPLIED WITH 35 U.S.C. § 287 ........................................................................... 13
`
`CONCLUSION ........................................................................................................................... 15
`
`III.
`
`IV.
`
`V.
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`i
`REPLY IN SUPPORT OF FINJAN’S MTN. FOR SUM. JUDG.
`
`CASE NO. 3:17-cv-05659-WHA
`
`

`

`Case 3:17-cv-05659-WHA Document 154 Filed 07/12/18 Page 3 of 20
`
`
`TABLE OF AUTHORITIES
`
`
`
`Page(s)
`
`Cases
`
`Arctic Cat Inc. v. Bombardier Recreational Prods. Inc.,
`876 F.3d 1350 (Fed. Cir. 2017)......................................................................................................... 15
`
`Baldwin Graphic Sys., Inc. v. Siebert, Inc.,
`512 F.3d 1338 (Fed. Cir. 2008)........................................................................................................... 9
`
`Berkheimer v. HP Inc.,
`881 F.3d 1360 (Fed. Cir. 2018)......................................................................................................... 13
`
`Blitzsafe Tex., LLC v. Honda Motor Co.,
`No. 2:15-cv-1274-JRG-RSP,
`2017 U.S. Dist. LEXIS 58358 (E.D. Tex. Jan. 26, 2017) ................................................................. 15
`
`Bradford Co. v. Jefferson Smurfit Corp.,
`No. 2000-1511, 2001 WL 35738792 (Fed. Cir. Oct. 31, 2001)........................................................ 13
`
`Cioffi v. Google, Inc.,
`632 Fed. App’x 1013 (Fed. Cir. 2015)................................................................................................ 4
`
`Crane Security Techs., Inc. v. Rolling Optics AB,
`No. 14-12428-LTS, 2018 U.S. Dist. LEXIS 12730 (D. Mass. Jan. 26, 2018) ................................. 14
`
`Dynamic Drinkware, LLC v. National Graphics, Inc.,
`800 F.3d 1375 (Fed. Cir. 2015)........................................................................................................... 2
`
`Finjan, Inc. v. Blue Coat Sys., Inc.,
`879 F.3d 1299 (Fed. Cir. 2018)................................................................................................... 11, 12
`
`Finjan, Inc. v. Blue Coat Sys. LLC,
`No. 15-cv-03295-BLF, 2016 WL 7212322 (N.D. Cal. Dec. 13, 2016) .............................. 3, 5, 12, 13
`
`Finjan, Inc. v. McAfee, Inc.,
`No. 10-cv-00593 (GMS), Dkt. 326 (D. Del. Dec. 29, 2012) .......................................................... 3, 5
`
`Finjan, Inc. v. Proofpoint, Inc.,
`No. 13-cv-05808-HSG, Dkt. 117-1 (N.D. Cal. January 26, 2015) ..................................................... 3
`
`Finjan, Inc. v. Sophos, Inc.,
`244 F. Supp. 3d 1016 (N.D. Cal. 2015) .................................................................................. 3, 12, 13
`
`Funai Elec. Co. v. Daewoo Elecs. Corp.,
`616 F.3d 1357 (Fed. Cir. 2010)......................................................................................................... 14
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`i
`REPLY IN SUPPORT OF FINJAN’S MTN. FOR SUM. JUDG.
`
`CASE NO. 3:17-cv-05659-WHA
`
`

`

`Case 3:17-cv-05659-WHA Document 154 Filed 07/12/18 Page 4 of 20
`
`
`Gart v. Logitech, Inc.,
`254 F.3d 1334 (Fed. Cir. 2001)......................................................................................................... 14
`
`Info-Hold, Inc. v. Applied Media Techs. Corp.,
`783 F.3d 1262 (Fed. Cir. 2015)........................................................................................................... 2
`
`KSR Int’l Co. v. Teleflex Inc.,
`550 U.S. 398 (2007) .......................................................................................................................... 13
`
`Menda Biton v. Menda,
`796 F. Supp. 631 (D.P.R. 1992) ........................................................................................................ 14
`
`North Am. Watch Corp. v. Princess Ermine Jewels,
`786 F.2d 1447 (9th Cir. 1986) .................................................................................................... 14, 15
`
`Palo Alto Networks, Inc. v. Finjan, Inc.,
`No. 2017-2543, Dkt. 42 (Fed. Cir. May 22, 2018) ....................................................................... 5, 11
`
`SAS Inst., Inc. v. ComplementSoft, LLC,
`825 F.3d 1341 (Fed. Cir. 2016)........................................................................................................... 5
`
`Sonix Techs. Co. v. Pubs. Int’l, Ltd.,
`844 F.3d 1370 (Fed. Cir. 2017)........................................................................................................... 4
`
`Trading Techs. Int’l, Inc. v. CQG, Inc.,
`675 F. App’x 1001 (Fed. Cir. 2017) ................................................................................................. 11
`
`Statutes
`
`18 U.S.C.A. § 2510 ................................................................................................................................. 14
`
`18 U.S.C. § 2511(2)(d) ........................................................................................................................... 13
`
`35 U.S.C. § 101 ................................................................................................................................. 11, 13
`
`35 U.S.C. § 287 ....................................................................................................................................... 13
`
`Cal. Penal Code § 632 (a), (b)................................................................................................................. 13
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`ii
`REPLY IN SUPPORT OF FINJAN’S MTN. FOR SUM. JUDG.
`
`CASE NO. 3:17-cv-05659-WHA
`
`

`

`Case 3:17-cv-05659-WHA Document 154 Filed 07/12/18 Page 5 of 20
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`I.
`
`CLAIM CONSTRUCTION
`
`Since Juniper infringes under a plain reading of the claims, Juniper raises at least seven
`
`different claim construction proposals. Even under these proposals, however, Juniper still infringes.
`“database”
`A.
`
`Juniper: “a collection of interrelated data1
`Finjan: plain and ordinary meaning, which is “a
`organized according to a database schema2
`collection of interrelated data organized according to
`to serve one or more applications”
`a database schema to serve one or more applications”
`Juniper adopts Finjan’s construction for “database” but adds several unsupported and
`
`limitations in its further construction of the plain and ordinary meaning based upon misstatements
`
`about Finjan’s positions and what occurred during IPRs. First, Finjan never argued during the IPRs
`
`that the “data” needs to be in a table with rows and columns and, as such, Juniper’s additional
`
`construction of “data” to be in a “table” and further construction of “table” is unwarranted because
`
`Finjan never said that “data” in all databases must be in a table. Rather, Finjan argued that a particular
`
`“flat file” was not a “flat file database” because the particular implementation in a “flat file database”
`
`uses a table. Dkt. 126-16 at 38 (a POSA understands “Swimmer’s audit record to be a flat file … not a
`flat file database …”). Finjan also never asserted that a table requires rows and columns and Juniper’s
`claims are not in the intrinsic record and contradicted by dictionary definitions. Reply Ex. 13 at 571
`(“Table A set of contiguous, related items, each uniquely identified either by its relative position in the
`
`set or by some label”). Juniper’s dictionary is inapplicable because Juniper chose a construction
`
`limited only to a particular type of database, a “relational database.” Dkt. 126-10. While Juniper tries
`
`to narrow “database schema,” the PTAB applied “database schema” to be a clearly defined
`
`organizational structure. IPR2015-01892, Paper No. 58 at 41 (PTAB finding a comma-delimited file
`
`format found to be a database schema because it had a defined structure).
`
`
`1 Juniper construes “data” as “data stored in tables,” and “tables” as “rows and columns.” Opp. at 6-7.
`2 Juniper construes “organized according to a database schema” as a “description of a database to a
`database management system (DBMS) in the language provided by the DBMS.” Opp. at 6.
`3 Unless otherwise indicated, all “Reply Ex. _” references herein are to the Declaration of Kristopher
`Kastens in Support of Finjan’s Reply in Support of Its Motion for Summary Judgment filed herewith.
`
`
`
`1
`REPLY IN SUPPORT OF FINJAN’S MTN. FOR SUM. JUDG.
`
`CASE NO. 3:17-cv-05659-WHA
`
`

`

`Case 3:17-cv-05659-WHA Document 154 Filed 07/12/18 Page 6 of 20
`
`
`B.
`“Downloadable Scanner”
`
`Finjan: plain and ordinary meaning, which is “a
`component which examines Downloadables for
`suspicious computer operations”
`The intrinsic record shows that “Downloadable scanner” is “a component which examines a
`
`Juniper: “scanner” is “a static analyzer that
`uses parsing techniques to decompose the code”
`
`Downloadable for suspicious computer operations,” and includes both static and dynamic analysis, i.e.
`
`runtime analysis. Dkt. 98-5, U.S. Patent No. 6,804,780 (“’780 Patent”), 3:18-22 (the “security system
`
`110 examines Downloadables received from external computer network 105); 3:59-64 (“determination
`
`results for each Downloadable examined and runtime indicators of the internal network security
`
`system …”). This ordinary meaning is consistent with prior cases, where the term was understood to
`
`include both static and dynamic analysis (see e.g., Dkt. 98-8 at 335:14-337:6) and the extrinsic
`
`evidence because it shows scanning is the examination of data. Reply Ex. 2 at 596 (“Scanning The
`
`systematic examination of data.”). Contemporaneous documents also show that a “scanner” includes
`
`dynamic analysis. See e.g., Reply Ex. 3 at Abstract (“A network scanner … has both static (pre-run
`
`time)… and dynamic (run time) scanning”).
`
`
`
`
`
`
`
`Juniper’s construction only covers one embodiment, reading out disclosed scanners that: (1)
`
`examine a Downloadable through content inspection, (2) disassemble, (3) decompose without parsing,
`
`(4) decoding commands, and (5) use run time indicators. ‘780 Patent, 3:18-22, 59-64; 6:16-18; 8:31-
`
`35; 9:38-39, 49-52. Juniper has no disclaimer arguments for its construction because it does not point
`
`to any evidence, clear or otherwise, of Finjan disclaiming dynamic analysis. Opposition (“Opp.”) at 8;
`
`Info-Hold, Inc. v. Applied Media Techs. Corp., 783 F.3d 1262, 1267 (Fed. Cir. 2015) (ordinary
`
`meaning applies unless a clear, intentional disavowal of claim scope). All Juniper points to is Finjan’s
`
`argument that the petitioner’s expert claimed that a particular reference did not disclose a
`
`“Downloadable scanner,” for which the petitioner had the burden. See Dynamic Drinkware, LLC v.
`
`National Graphics, Inc., 800 F.3d 1375, 1378-79 (Fed. Cir. 2015) (petitioner bears burden of
`
`persuasion for invalidity by a preponderance of the evidence). In fact, Finjan’s argument about
`
`“Downloadable scanner” was that there is nothing that generates “a list of suspicious computer
`2
`REPLY IN SUPPORT OF FINJAN’S MTN. FOR SUM. JUDG.
`
`CASE NO. 3:17-cv-05659-WHA
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`

`

`Case 3:17-cv-05659-WHA Document 154 Filed 07/12/18 Page 7 of 20
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`operations” because it did not look for suspicious operations. IPR2015-01892, Paper No. 27 at 28
`
`(argument in “Swimmer’s Activity Data Contained Within an Audit Record Cannot Correspond to
`
`DSP Data Because an Audit Record does not Include a List of Suspicious Computer Operations”
`
`section). Juniper cites no law to support its claim that Finjan’s statements in a patent eligibility hearing
`
`somehow establish disclaimer, particularly when Finjan only gave “parsing techniques to decompose”
`
`as an example. Juniper’s claim that the recited scanner cannot be “dynamic” because it would look for
`
`operations that “do” occur rather than “may” occur is wrong, as dynamic analysis looks for operations
`
`that only “may” occur when the Downloadable is actually run on a target system. Dkt. 98-14 at
`
`FINJAN-JN 044764 (explaining not all operations occur during dynamic analysis and malware is
`
`tricked into “more activity”). Finally, Juniper cites no intrinsic support for adding “static” into its
`
`construction.
`C.
`Suspicious Computer Operations
`
`Finjan: plain and ordinary meaning, which is
`“hostile or potentially hostile computer operations”
`“[S]uspicious computer operations” are operations that are “hostile or potentially hostile.” ‘780
`
`Juniper: indefinite
`
`Patent, 3:22-28, 6:1-14 (“[T]he term ‘suspicious’ includes hostile, potentially hostile, undesirable,
`
`potentially undesirable”, “a Downloadable is deemed suspicious if its performs undesirable operations,
`
`or it if threatens or may threaten the integrity of an internal computer network.”). U.S. Patent No.
`
`8,677,494 (the “’494 Patent”), which incorporates the ‘780 Patent, establishes the contours of the claim
`
`with examples. Id., 6:1-14 (“An Example List of Operations Deemed Potentially Hostile”). Numerous
`courts, third-party experts (including Juniper’s expert)4, and other defendants have agreed or relied on
`a definite interpretation of this term. Finjan, Inc. v. McAfee, Inc., No. 10-cv-00593 (GMS), Dkt. 326 at
`
`*2 and n.3 (D. Del. Dec. 29, 2012); see also Finjan, Inc. v. Blue Coat Systems, LLC, No. 15-cv-03295-
`
`BLF, 2016 WL 7212322, at *2-3 (N.D. Cal. Dec. 13, 2016); Finjan, Inc. v. Proofpoint, Inc., No. 13-
`
`cv-05808-HSG, Dkt. 117-1 at *92-93 (N.D. Cal. January 26, 2015) (opposing expert relying on a
`
`definite interpretation); Finjan, Inc. v. Sophos, Inc., 244 F. Supp. 3d 1016, 1055-61 (N.D. Cal. 2015);
`
`IPR2016-00159, Ex. 1002 at ¶¶ 69-74 (Rubin explaining scope of “suspicious computer operations”).
`
`
`4 Juniper’s expert did not offer an opinion the term was indefinite in his declaration.
`3
`REPLY IN SUPPORT OF FINJAN’S MTN. FOR SUM. JUDG.
`
`CASE NO. 3:17-cv-05659-WHA
`
`

`

`Case 3:17-cv-05659-WHA Document 154 Filed 07/12/18 Page 8 of 20
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`This term is rooted in computer security analysis and the scope is understood by someone
`
`knowledgeable in compute security. See ‘494 and ‘780 Patents, generally; ‘780 Patent, 1:31-34; Dkt.
`
`125-17 at 75:4-76:9. The law Juniper cites is inapplicable, addressing terms like “aesthetically
`
`pleasing look and feel” or “unobtrusive manner,” which would vary based on an undisclosed viewer’s
`
`preferences. Opp. at 10-11. Contrary to those examples, identifying hostile operations is a science,
`
`including determining if it will “threaten the integrity of an internal network,” an objective standard.
`
`‘780 Patent, 3:22-26; see also Cioffi v. Google, Inc., 632 Fed. App’x 1013, 1023 (Fed. Cir. 2015)
`
`(finding that “critical file” had a well-understood meaning in the art of computer science). In fact, Sky
`
`ATP is able to determine when certain operations are hostile or potentially hostile. Dkt. 97-34
`
`(categorizing operations as “Hostile” and “Suspect”). The examples in the specification also give
`
`direction to a person of ordinary skill in the art on a claim term. Opp. at 10; Sonix Techs. Co. v. Pubs.
`
`Int’l, Ltd., 844 F.3d 1370, 1376’77 (Fed. Cir. 2017) (“visually negligible” found definite based on
`
`examples in the specification). In the case Juniper cites about examples, the claim element was
`
`“predetermined characteristics,” where literally anything as a “characteristic.” Here, the specification
`
`gives guidance, including that the operations cause harmful actions, and examples of operations that
`
`could cause harmful actions. ‘780 Patent, 6:1-24 (examples provided). Finally, Finjan and Dr. Cole
`
`never said that this term was subjective, only that it must be considered in the context of the system
`that examines Downloadables for suspicious operations.5 Mot. at 10.
`D.
`A List of Suspicious Computer Operations
`
`Finjan: plain and ordinary meaning, which is “a list of
`computer operations that are deemed hostile or
`potentially hostile”
`“[A] list of suspicious computer operations,” in the context of the entire claim and the
`
`Juniper: “list of all operations that could
`ever be deemed potentially hostile”
`
`specification, should have its ordinary meaning, applying the plain meaning of “suspicious computer
`
`operations,” (as discussed above), and the operations have actually been “deemed” (or “determined”)
`
`hostile or potentially, as described in the specification. ‘780 Patent, 2:38-44 (“the present invention
`
`
`5 At deposition, Dr. Cole testified that he did not know of a “industry standard” for suspicious
`computer operations, but this is not a basis for indefiniteness, as many technical terms do not have an
`industry standard (or have multiple industry standards). Dkt. 125-17 at 77:1-13.
`4
`REPLY IN SUPPORT OF FINJAN’S MTN. FOR SUM. JUDG.
`
`CASE NO. 3:17-cv-05659-WHA
`
`

`

`Case 3:17-cv-05659-WHA Document 154 Filed 07/12/18 Page 9 of 20
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`may identify Downloadables that perform operations deemed suspicious … the present invention may
`
`examine the Downloadable code to determine whether the code contains any suspicious operations
`
`…”); 3:56-59 (“whether a received Downloadable is to be deemed suspicious.”).
`
`Juniper re-writes and narrows the claim based on one example embodiment to include terms
`
`like “all” or “ever deemed potentially hostile,” which is impermissible because there is no disclaimer.
`
`Opp. at 11; SAS Inst., Inc. v. ComplementSoft, LLC, 825 F.3d 1341, 1349 (Fed. Cir. 2016) (disclaimer
`
`must be clear and unmistakable). Juniper also ignores that the specification states that the system
`
`“may” (but does not require) “a list of all operations that could ever be deemed potentially hostile,”
`
`and that other example embodiments in the patent are not so narrowed. ‘780 Patent, 2:38-43 (example
`
`without “all” or “ever be deemed”); 4:42-46 (example without “ever be deemed”). It is unrebutted that
`
`other courts have rejected similar constructions or arguments. McAfee, Dkt. 326 at *2 and n.3; Blue
`
`Coat, 2016 WL 7212322, at *11. Contrary to Juniper’s claim, Finjan’s construction also shows that
`
`the system, based on its internal rules or code, will determine (or “deem”) which operations are
`
`suspicious and should be on the list. ‘780 Patent, 3:56-59 (“security information for determining
`
`whether a received Downloadable is to be deemed suspicious.”); Reply Ex. 4 at 128:6-21 (Juniper’s
`
`expert confirming that the claim says that the system deems the computer operations suspicious).
`
`Juniper raises the PTAB’s construction on this term, but this construction is on appeal, as it contradicts
`
`the plain reading without any disclaimer, and as the Director of the USPTO acknowledged, Finjan
`
`never disclaimed claim scope. Palo Alto Networks, Inc. v. Finjan, Inc., No. 2017-2543, Dkt. 42 at 31
`
`(Fed. Cir. May 22, 2018). Finjan’s construction covers all example embodiments Juniper cited
`
`because it includes a list with every operation a system could ever deem potentially hostile. This is
`
`consistent with the description Juniper cited, where the system scans to deem as potentially hostile
`
`“any pattern, which is undesirable or suggests the code was written by a hacker.” ‘780 Patent, 5:64-67.
`Database Manager
`E.
`
`Finjan: plain and ordinary meaning, which
`is “a manager that controls a database”
`
`Juniper: “a program that controls a database so that
`the information it contains can be stored, retrieved,
`updated and sorted”
`A “database manager” is a “manager that controls a database,” which includes storing and
`
`retrieving information from the database, and can also include additional functionality for updating
`5
`REPLY IN SUPPORT OF FINJAN’S MTN. FOR SUM. JUDG.
`
`CASE NO. 3:17-cv-05659-WHA
`
`

`

`Case 3:17-cv-05659-WHA Document 154 Filed 07/12/18 Page 10 of 20
`
`
`information in the database and returning sorted information from in the database. Finjan argued in the
`
`IPR only that the reference at issue did not disclose a database manager because it “never retrieves any
`
`data from the audit records it generates . . .,” which is a function of controlling a database. IPR2016-
`
`00159, Ex. 2011 at 82. As such, Juniper’s proposed construction adds unnecessary limitations.
`II.
`
`INFRINGEMENT
`
`As an initial matter, Juniper did not disclose its non-infringement theories that: (1) there is no
`
`“scanner” that parses and decomposes, (2) there is no “list of all suspicious operations that could ever
`
`be deemed suspicious,” (3) there is no database schema is in the same language as the database
`
`manager, (4) the data within the database is not “sorted,” and (5) the entirety of a profile must be
`generated before storing in a database.6 See Dkt. 97-20 at 18-19. Juniper had no basis to withhold
`these positions, as Finjan fully disclosed its infringement theories, including by identifying the internal
`
`code names of components. Reply Ex. 4 at 17.
`A.
`
`Juniper does not dispute that Sky ATP alone, and Sky ATP used in combination with the SRX
`
`Preamble and Element 10(a) is Met
`
`Gateway satisfies this element. Mot. at 10-14; see generally, Opp.
`B.
`
`
`Element 10(b) is Met
`
`MAP is a Downloadable scanner because it is a component that examines Downloadables for
`
`1.
`
`Malware Analysis Pipeline (“MAP”) is a “Downloadable Scanner”
`
`suspicious computer operations. Dkt. 97-6, Cole Decl. ¶¶ 31-43; Dkt. 98-14 at FINJAN-JN 044775
`
`(analysis by Sky ATP describes as “File Scanning”). Juniper does not deny that it meets the plain
`
`reading of this element, and does not deny that MAP includes
`
`
`
`the Downloadable. It only argues that Dr. Cole did not offer this opinion (Opp. at 22-23), but it is
`
`undisputed that MAP
`
` Downloadables. Reply Ex. 5, Rubin Depo. at 121:11-22
`
`(Juniper’s expert conceding that MAP
`
`
`
`
`6 Finjan did not submit another expert given the Court’s caution against them in its Supplemental
`Order to Order Setting Initial CMC in Civil Cases (“Standing Order”). To the extent the Court would
`find it helpful, Finjan can provide a supplemental declaration of Dr. Cole, explaining the evidence
`undermining Juniper’s undisclosed non-infringement arguments. Juniper cannot assert issues were not
`addressed when Juniper never disclosed such positions during discovery.
`6
`REPLY IN SUPPORT OF FINJAN’S MTN. FOR SUM. JUDG.
`
`CASE NO. 3:17-cv-05659-WHA
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`

`

`Case 3:17-cv-05659-WHA Document 154 Filed 07/12/18 Page 11 of 20
`
`
` Dr. Cole shows this, stating that
`
`
`
`
`
` Cole Decl. ¶ 35; see
`
`also Dkt. 98-19 at FINJAN-JN 044846. Juniper’s documents describe this process as
`
`
`
`
`
`
`
` Juniper’s attempt to suggest the claims requires these elements rings
`
`hollow as no Court or the PTAB panel has adopted such a construction in any of the multiple cases or
`
`IPRs involving the ‘494 Patent. Opp. at 23. Further, Juniper’s claim that Finjan did not view the
`
`
`
` code is a red herring. Finjan’s experts did not need this code to understand the operations and
`
`used Juniper’s technical documents and detailed summaries of the output of the system. Further,
`
`publicly available documents show unequivocally that
`
` parses and decomposes. Reply Ex. 7
`
`at 1 (“PE file parser that extracts fields and flags”).
`
`Juniper’s only argument against DOE is that Finjan allegedly disclaimed dynamic analysis.
`
`Opp. at 26. However, as discussed above in the claim construction section, Finjan did not disclaim
`
`dynamic analysis, and as such, Juniper infringes under DOE. Cole Decl. ¶ 52.
`
`
`
`2.
`
`MAP creates “a list of suspicious computer operations that may be
`attempted by the Downloadable.”
`Juniper does not dispute that MAP in Sky ATP creates a list of suspicious operations, including
`
`the very operations that the ‘494 Patent lists as “potentially hostile.” Opp. at 23-25; Mot. at 17-20;
`
`Dkt. 98-14 at FINJAN-JN 044763 (records “suspicious” operations, like modifies the registry or writes
`
`to disk);
`
`
`
`Thus, Juniper does not dispute that it creates a list of suspicious operations relevant to determining
`
`whether a Downloadable is harmful. Opp. at 24-25. Even under Juniper interpretation, it satisfies this
`
`element because MAP creates a list of “all” operations that it could ever deem suspicious, and does not
`throw away the operations it collects and deemed could ever be potentially hostile.7 Cole Decl. ¶¶ 31-
`
`
`7 If Juniper argues that the list must include every operation any expert or system could ever identify
`from here to eternity is suspicious or hostile, it is wrong. The system in Claim 10 creates a list based
`on computer operations that it deems potentially hostile. See ‘780 Patent, 5:64-67.
`7
`REPLY IN SUPPORT OF FINJAN’S MTN. FOR SUM. JUDG.
`
`CASE NO. 3:17-cv-05659-WHA
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`

`

`Case 3:17-cv-05659-WHA Document 154 Filed 07/12/18 Page 12 of 20
`
`
`51;
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
` but does not
`
`explain how a “command” is required (as it is not in the claims) or different from an “operation,” or
`
`why these “behaviors” that match exactly with example operations from the ‘780 Patent are not
`
`operations. Mot. at 19-20; Opp. at 25. Further, Juniper’s expert conceded that “behaviors” can be
`
`“operations.” Reply Ex. 5 at 136:22-137:5. Lastly, as explained above, these are operations that “may
`
`be attempted” depending on the system they are run on. Opp. at 25.
`
`
`Element 10(c) is Met
`
`C.
`
`1.
`
`
`
`MAP Stores the Downloadable Security Profile (“DSP”) Data in the
`
`Juniper does not dispute that it stores the results of MAP using
`
` management software, and
`
`that the
`
` management software can store, retrieve, update, and sort information in its database.
`
`Opp. at 5 (
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`8
`REPLY IN SUPPORT OF FINJAN’S MTN. FOR SUM. JUDG.
`
`CASE NO. 3:17-cv-05659-WHA
`
`

`

`Case 3:17-cv-05659-WHA Document 154 Filed 07/12/18 Page 13 of 20
`
`
`61; Reply Ex. 5 at 140:4-20 (
`
`). Further, as a matter of law,
`
`the term “a” can refer to “one or more,” meaning that multiple databases still infringes. Baldwin
`
`Graphic Sys., Inc. v. Siebert, Inc., 512 F.3d 1338, 1342 (Fed. Cir. 2008) (“That ‘a’ or ‘an’ can mean
`
`‘one or more’ is best described as a rule, rather than merely as a presumption or even a convention”).
`
`Juniper’s evidence to the contrary is testimony of a single witness “woodshedded” during litigation.
`
`Opp. at 27.
`Juniper argues there is no “database schema” with a “table.”8 Opp. at 26-28.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`8 In its Background section, Juniper states that Finjan limited database to “relational databases” (Opp.
`at 4), but abandons this argument without explanation in its arguments. Opp. at 26-30. Irrespective,
`Juniper is wrong, Finjan never limited “database” to relational database, the discussion cited by Juniper
`was Finjan responding to the petitioner’s argument that it was obvious to add a relational database to
`Swimmer. IPR2015-01892, Paper No. 1 at 24-25. In response, Finjan argued that it was not obvious
`to do so. IPR2015-01892, Paper No. 7 at 50.
`
`9
`REPLY IN SUPPORT OF FINJAN’S MTN. FOR SUM. JUDG.
`
`CASE NO. 3:17-cv-05659-WHA
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`

`

`Case 3:17-cv-05659-WHA Document 154 Filed 07/12/18 Page 14 of 20
`
`
`
`
`
`
`
`
`
`
`
`
`Juniper also argues that “database schema” is limited to “a description of a database to a
`
`database management system (DBMS) in the language provided by the DBMS.” Opp. at 28.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`2.
`
`
`The
`
` has a “Database Manager”
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11