Case 3:17-cv-05659-WHA Document 415 Filed 04/05/19 Page 1 of 19
`
`
`
`PAUL ANDRE (State Bar No. 196585)
`pandre@kramerlevin.com
`LISA KOBIALKA (State Bar No. 191404)
`lkobialka@kramerlevin.com
`JAMES HANNAH (State Bar No. 237978)
`jhannah@kramerlevin.com
`KRISTOPHER KASTENS (State Bar No. 254797)
`kkastens@kramerlevin.com
`KRAMER LEVIN NAFTALIS & FRANKEL LLP
`990 Marsh Road
`Menlo Park, CA 94025
`Telephone: (650) 752-1700
`Facsimile: (650) 752-1800
`
`Attorneys for Plaintiff
`FINJAN, INC.
`
`
`IN THE UNITED STATES DISTRICT COURT
`
`FOR THE NORTHERN DISTRICT OF CALIFORNIA
`
`SAN FRANCISCO DIVISION
`
`FINJAN, INC., a Delaware Corporation,
`
`
`
`
`
`
`Plaintiff,
`
`v.
`
`
`JUNIPER NETWORKS, INC., a Delaware
`Corporation,
`
`
`Defendant.
`
`
`
`Case No.: 3:17-cv-05659-WHA
`
`PLAINTIFF FINJAN, INC.’S REPLY IN
`SUPPORT OF ITS SECOND MOTION FOR
`EARLY SUMMARY JUDGMENT,
`REGARDING INFRINGEMENT OF CLAIM 1
`OF U.S. PATENT NO. 8,141,154
`
`Date:
`Time:
`Courtroom:
`Before:
`
`
`May 2, 2019
`8:00 a.m.
`Courtroom 12, 19th Floor
`Hon. William Alsup
`
`
`
`
`
`REDACTED VERSION OF DOCUMENT SOUGHT TO BE SEALED
`
`
`FINJAN’S NTC. OF MOT. & 2ND EARLY MOT. FOR S.J.
`
`CASE NO. 3:17-cv-05659-WHA
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 3:17-cv-05659-WHA Document 415 Filed 04/05/19 Page 2 of 19
`
`
`
`TABLE OF CONTENTS
`
`Page
`
`I. 
`
`INTRODUCTION ........................................................................................................................... 1 
`
`II.  CLAIM CONSTRUCTION ............................................................................................................. 1 
`
`A. 
`
`B. 
`
`“Safe” Should be given its Plain and Ordinary Meaning .......................................................1 
`
`“Content processor” should be given its plain and ordinary meaning ....................................2 
`
`III. 
`
`JUNIPER INFRINGES CLAIM 1 ................................................................................................... 4 
`
`A.  SRX Infringes Claim 1 ............................................................................................................4 
`
`1. 
`
`2. 
`
`3. 
`
`4. 
`
`5. 
`
`SRX Processes Content from a Network that has a Call to a First
`Function .........................................................................................................................4 
`
`SRX Invokes a Second Function with the Input ............................................................6 
`
`SRX Invokes a Second Function Only If Security Computer Indicates it
`is Safe .............................................................................................................................7 
`
`SRX Transmits when the first function is invoked ........................................................8 
`
`SRX Has a Receiver.....................................................................................................10 
`
`B. 
`
`Sky ATP Infringes Claim 1...................................................................................................10 
`
`1. 
`
`2. 
`
`Sky ATP invokes a second function with the input. ....................................................11 
`
`Sky ATP Invokes a Second Function Only If the Reputation Server and
`Verdict Engines Indicate it is Safe ...............................................................................12 
`
`3. 
`
`Sky ATP Transmits When the First Function is Invoked ............................................13 
`
`C.  The ATP Appliance Infringes Claim 1 .................................................................................13
`
`1.
`
`2. 
`
`Juniper’s Arguments About Release Versions Contradicts its Discovery ...................13
`
`The ATP Appliance Invokes a Second Function with the Input .................................14 
`
`D.  The Accused Products Infringe under DOE .........................................................................15 
`
`E. 
`
`Juniper’s Vague Invalidity Arguments Fail to Meet its Burden of Proof .............................15 
`
`IV.  CONCLUSION .............................................................................................................................. 15 
`
`i
`FINJAN’S NTC. OF MOT. & 2ND EARLY MOT. FOR S.J.
`
`CASE NO. 3:17-cv-05659-WHA
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 3:17-cv-05659-WHA Document 415 Filed 04/05/19 Page 3 of 19
`
`
`
`TABLE OF AUTHORITIES
`
`
`
`Page(s)
`
`Federal Cases
`
`Accent Packaging, Inc. v. Leggett & Platt, Inc.,
`707 F.3d 1318 (Fed. Cir. 2013)........................................................................................................... 3
`
`Edwards Lifesciences LLC v. Cook Inc.,
`582 F.3d 1322 (Fed. Cir. 2009)........................................................................................................... 2
`
`Finjan, Inc. v. Bitdefender Inc.,
`No. 17-cv-04790-HSG, 2019 WL 634985 (N.D. Cal. Feb. 14, 2019) ................................................ 4
`
`Finjan, Inc. v. Secure Computing Corp.,
`626 F.3d 1197 (Fed. Cir. 2010)......................................................................................................... 10
`
`Kenexa Brassing, Inc. v. Taleo Corp.,
`751 F.Supp.2d 735 (D. Del. 2010) .................................................................................................... 14
`
`L & W, Inc. v. Shertech, Inc.,
`471 F.3d 1311 (Fed. Cir. 2006)......................................................................................................... 14
`
`Paper Converting Machine Co. v. Magna-Graphics Corp.,
`745 F.2d 11 (Fed. Cir. 1984)............................................................................................................. 14
`
`Rembrandt Wireless Techs., LP v. Samsung Elecs. Co.,
`853 F.3d 1370 (Fed. Cir. 2017)....................................................................................................... 1, 2
`
`SRI Int'l v. Matsushita Elec. Corp. of Am.,
`775 F.2d 1107 (Fed. Cir. 1985)....................................................................................................... 3, 4
`
`SunTiger, Inc. v. Scientific Research Funding Group,
`189 F.3d 1327 (Fed. Cir. 1999)........................................................................................................... 7
`
`Thorner v. Sony Computer Entm’t Am. LLC,
`669 F.3d 1362 (Fed. Cir. 2012)........................................................................................................... 4
`
`
`
`i
`FINJAN’S NTC. OF MOT. & 2ND EARLY MOT. FOR S.J.
`
`CASE NO. 3:17-cv-05659-WHA
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 3:17-cv-05659-WHA Document 415 Filed 04/05/19 Page 4 of 19
`
`
`
`I.
`
`INTRODUCTION
`
`Juniper, Inc.’s (“Juniper”) arguments are universally without merit and an attempt to distract
`
`from the true issue of whether Juniper infringes under a plain reading of Claim 1 of U.S. Patent No.
`
`8,141,154 (Dkt. 369-3, “the ’154 Patent”).
`II.
`
`CLAIM CONSTRUCTION
`A.
`Finjan has always maintained that “safe” is a well-understood term that needs no construction.
`
`“Safe” Should be given its Plain and Ordinary Meaning
`
`See Dkt. 176 at 20-21; Dkt. 187 at 15. Juniper’s proposed construction is wrong because there are
`
`numerous examples in the specification where safe does not take Juniper’s narrow interpretation,
`
`making Juniper’s reliance on Rembrandt Wireless Techs., LP v. Samsung Elecs. Co., 853 F.3d 1370
`
`(Fed. Cir. 2017) incorrect. ‘154 Patent at 13:29-36 (sending a variable “name_of_function” “so that
`
`input inspector 275 can determine whether it is safe to invoke the specific original function with the
`
`input.”); id. at 13:10-13 (an “input inspector 275 determines that an input is riot safe …”); id. at 11:59-
`
`63 (functions that are “normally considered to be safe” regardless of any client computer policy); id. at
`
`9:29-35 (calls that are already “known to be safe,” which is necessarily determined before accessing
`
`any client computer policy).
`
`Juniper also mischaracterized the specification for its argument for its construction of “safe.”
`
`Opp. at 6. Juniper discusses a single embodiment near the end of the specification that does not
`
`describe the inventions as whole, but shows that “safe” simply means a security computer returning an
`
`indicator that says “true.” ‘154 Patent at 14:64–15:3 (“If the indicator is true, indicating that it is safe
`
`for the client computer to invoke …”). Therefore, even in the example identified by Juniper, the
`
`embodiment discloses that “safe” is just “true,” and therefore does not need to be limited in the manner
`
`Juniper suggests. Id. at 10:4-6 (safety indicator “may be a Boolean variable, or a variable with more
`
`than two settings that can carry additional safety inspection information”). Juniper also ignores that its
`
`proposed construction reads out embodiments from the specification that do not limit the determination
`
`of whether content is safe to any “security policy” or “client computer,” which is another exception to
`
`the rule stated in Rembrandt. See, e.g., ‘154 Patent Abstract; id. at 5:18-25; 5:39-50; 6:4-26; see also
`
`10:4-6 (discussing Boolean variables that can carry additional safety inspection information). Thus,
`1
`FINJAN’S NTC. OF MOT. & 2ND EARLY MOT. FOR S.J.
`
`CASE NO. 3:17-cv-05659-WHA
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 3:17-cv-05659-WHA Document 415 Filed 04/05/19 Page 5 of 19
`
`
`
`both exceptions to the rule of interpreting “i.e.” as “definitional” apply here and Juniper’s construction
`should be rejected. Rembrandt, 853 F.3d at 1377.1
`B.
`“Content processor” should be given its plain and ordinary meaning
`Finjan has also always maintained that “content processor” has its plain and ordinary meaning.
`
`Dkt. 176 at 17. Juniper, in its Opposition, however, changed both the term it seeks to construe and its
`
`proposed construction. First, Juniper truncates the term it seeks construe to just “content processor”
`
`from its previous identification of the entire 45 word element. Juniper then adds limitations to its
`
`proposed construction, including for the first time the limitations of a “client/user computer” and
`
`“modified content.” Juniper should not be permitted to change the terms it is construing and its
`
`construction of this term, in the middle of summary judgment, as it prejudices Finjan who relied on
`
`Juniper’s disclosed claim construction. Further, Juniper’s argument that its newly revised construction
`
`“reflects the plain and ordinary meaning” is nonsensical, because Juniper modifies two plain English
`
`words to limit both the location of processing (“client/user”) and the type of content processed
`(“modified”). Opposition (“Opp.”) at 6-7.2 Juniper’s construction also makes no sense in the context
`of the claims because it would have the content processor processing both modified and unmodified
`
`content simultaneously: “a [processor on a client/user computer that processes modified content] (i) for
`
`processing content received over a network, the content including a call to a first function, and the call
`
`including an input, and (ii) for invoking a second function with the input, only if a security computer
`
`indicates that such invocation is safe.” (underlining added).
`
`Juniper’s new limitation of “modified content” cannot apply because the ‘154 Patent provides
`
`an example where unmodified content is processed using a content processor, describing a “content
`
`processor” “for processing content received over a network.” ‘154 Patent at 7:22-23; see also id. at
`
`6:4-14 (describing that “content” received for processing has the “original” function”). Any
`
`construction cannot read out this disclosed preferred embodiment. The specification also explains that
`
`
`1 Juniper’s reliance on Edwards Lifesciences LLC v. Cook Inc., 582 F.3d 1322, 1333-34 (Fed. Cir.
`2009) is also misplaced because there was an express disclaimer. By contrast, the ‘154 Patent gives
`more than one description of the word “safe” and makes no such disclaimer.
`2 Juniper’s argument that Finjan’s construction would make the term “superfluous” is equally
`nonsensical considering Finjan proposes that no construction is necessary. Opp. at 9.
`2
`FINJAN’S NTC. OF MOT. & 2ND EARLY MOT. FOR S.J.
`
`CASE NO. 3:17-cv-05659-WHA
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 3:17-cv-05659-WHA Document 415 Filed 04/05/19 Page 6 of 19
`
`
`
`the word “content” by itself is not modified, and “may be in the form of executable code, JavaScript,
`
`VBScript, Java applets, ActiveX controls, which are supported by web browsers.” ‘154 Patent at 2:67–
`
`3:2; see also id. at 13:49-52 (“Such content may be in the form of an HTML web page, an XML
`
`document, a Java applet, an EXE file, JavaScript, VBScript, an Active X Control, or any such data
`
`container that can be rendered by a client web browser.”). No correct construction of “content” can
`
`read out these straightforward examples, none of which define “content” as being modified. Juniper
`
`also admits that its own expert “testified that this term should be given its plain and ordinary meaning”
`
`before the PTAB, but argues he actually meant the construction Juniper now proposes. Opp. at 10.
`
`Juniper is wrong, as Dr. Rubin previously testified that “content” just means “code” in the context of
`
`the ‘154 Patent. Dkt. 390-19, Ex. P at 12 (“Q. What is your understanding of what “content” means?
`
`A. In the context of the ’154 patent, content would be code.”).
`
`In fact, the ‘154 Patent is explicit when something is “modified” from its original form. See,
`
`e.g., ‘154 Patent at 3:9-12. For example, the content being “modified” was not intended to be in the
`
`claims, as Finjan explicitly removed “modified” from the claim language during prosecution. Ex. 2,
`
`’154 Patent File History, 5/10/11 Response to O.A. at 12 (striking out “modified” from “content” in
`
`dependent claim 2). Additionally, Claims 6, 7, 9, and 10 of the ‘154 Patent explicitly use “modified”
`
`for data modified from its original form. As such, the Court cannot import the word “modified” into
`
`the claim language. SRI Int'l v. Matsushita Elec. Corp. of Am., 775 F.2d 1107, 1122 (Fed. Cir. 1985)
`(you cannot read limitations from one claim into another that does not have the same limitation).3
`Similarly, it is improper to limit a content processor to a client/user computer. First, the ‘154
`
`Patent never describes the content processor as on a “user computer.” The ‘154 Patent also discloses
`
`embodiments where the content processor is not limited to the client. Motion at 7 (citing ‘154 Patent at
`
`6:27-34; 6:66–7:7; 7:8-19; 7:20-31; and 7:32-43). Particularly, the ‘154 Patent includes embodiments
`
`with it on a “computer” without limiting its location. ‘154 Patent at 7:20-31; Accent Packaging, Inc. v.
`
`Leggett & Platt, Inc., 707 F.3d 1318, 1326 (Fed. Cir. 2013). Finally, the IBM dictionary does not help
`
`3 The IPR2015-01979 decision (Dkt. 390-19, Ex. P) is inapplicable because the examiner did not
`address the plain and ordinary reading of the claims and examples in the specification. In fact,
`Juniper’s expert agreed in that IPR that content did not need to be modified, stating “content” in the
`claim only means “code.”
`
`3
`FINJAN’S NTC. OF MOT. & 2ND EARLY MOT. FOR S.J.
`
`CASE NO. 3:17-cv-05659-WHA
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 3:17-cv-05659-WHA Document 415 Filed 04/05/19 Page 7 of 19
`
`
`
`Juniper because the second definition of “client,” which is used in computer science, is: “A functional
`
`unit that receives shared services from server,” not a “user.” Opp. at 7 n.5; Dkt. 390-6, Ex. C.
`
`Juniper’s argument that a content processor is limited to a “client/user computer” because the
`
`patent says there are disadvantages to malware analysis on the gateway ignores that the same cited
`
`sections say that disadvantages apply to the client as well. ‘154 Patent at 2:31-32 (“Each of the various
`
`anti-virus technologies, gateway vs. desktop … has its pros and cons.”). Instead of being gateway
`
`versus client, the ‘154 Patent discloses resolving these disadvantages using a separate security
`
`computer. ‘154 Patent at 4:35-37. Juniper also cannot show that the patentee expressly limited the
`
`claim to a client/user. Thorner v. Sony Computer Entm’t Am. LLC, 669 F.3d 1362, 1365–66 (Fed. Cir.
`
`2012). Nothing in the specification describes a “user computer.” Even the language Juniper cites to for
`
`“client,” uses permissive language describing where the content processor may be located. Opp. at 8
`
`(citing ‘154 Patent at 10:61-62 (“Content processor may be a web browser running on client
`
`computer”) (emphasis added)). The use of permissive language and the lack of any such limitation in
`
`the claim itself supports that there can be no limitation on where the content processor resides. SRI
`
`Int’l, 775 F.2d at 1122 (improper to read limitations into the claims). Finally, three prior claim
`
`construction decisions in this District ordered the plain and ordinary meaning for “content processor.”
`
`Motion at 6-7; see also Finjan, Inc. v. Bitdefender Inc., No. 17-cv-04790-HSG, 2019 WL 634985, at
`
`*11-12 (N.D. Cal. Feb. 14, 2019) (denying attempt to construe “a content processor for (i) processing
`
`content received over a network” as “a web browser running on a client computer”) (emphasis added).
`III.
`
`JUNIPER INFRINGES CLAIM 1
`
`Juniper cannot overcome that the SRX, Sky ATP, and ATP Appliance infringe the plain
`
`language of Claim 1 of the ‘154 Patent. This is made clear by the fact that Juniper’s expert admits that
`
`he gave no opinion on non-infringement under Finjan’s proposed construction of “content processor.”
`
`Ex. 1, Rubin 4/2/19 Depo. Tr. at 125:9-126:2.
`A.
`
`SRX Infringes Claim 1
`
`1.
`SRX Processes Content from a Network that has a Call to a First Function
`Juniper does not dispute that the SRX receives content over a network including files, submits
`
`these files to security computers like Sky ATP or the ATP Appliance, and then forwards them to their
`4
`FINJAN’S NTC. OF MOT. & 2ND EARLY MOT. FOR S.J.
`
`CASE NO. 3:17-cv-05659-WHA
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 3:17-cv-05659-WHA Document 415 Filed 04/05/19 Page 8 of 19
`
`
`
`next destination if they are safe, or blocks them if not. Opp. at 11-12, 18. Finjan described two ways
`
`SRX meets this element with citations to Juniper’s own documents: (1) when SRX receives calls to
`
`open links and sends them to a security computer for analysis; and (2) when SRX receives webpages
`
`that contain embedded scripts and sends them to a security computer. Motion at 9-12.
`
`Juniper’s Opposition asserts new non-infringement arguments based on additional
`
`constructions of multiple claim terms that have no basis in the patent. First, Juniper asserts that a call to
`
`open a link is “not even a ‘function,’” which effectively seeks a new construction of “function.” But
`
`Juniper cites no support for this assertion other than the bare opinion of Dr. Rubin. Opp. at 17. Neither
`
`Dr. Rubin nor the Opposition explain why a call to open a link cannot meet the claim language of a
`
`“function” as argued by Finjan’s expert. ‘154 Patent at 9:16-21 (showing a function as
`
`“Function(input)”). Dr. Rubin also contradicted this position during his deposition, admitting that the
`
`HTTP function of a GET request (which is a call to open (i.e. get) a webpage indicated by a URL link)
`
`is a function. Ex. 1, Rubin 4/2/19 Depo. Tr. at 187:15-23 (Q. “Do you consider HTTP GET as a [] call?
`
`… A. Okay. GET – GET could be a function, yes. Q. And the HTTP GET function typically follows –
`
`typically comes with a URL, correct? A. Right.”).
`
`Next, Juniper asserts that SRX does not infringe because it receives requests to open a file or
`
`webpage from a user, and supposedly not over a network. Opp. at 16-17.
`
`
`
`
`
`
`
`
`
`
`
`
`
` Besides, SRX is
`
`connected to both the user and the internet via a network. Id. All the claim language requires is content
`
`is received over “a network.”
`
`Juniper also argues that the SRX does not “process” content because it routes packets. Opp. at
`
`18. Juniper is wrong because the SRX must process received content when it “submits files” to
`5
`FINJAN’S NTC. OF MOT. & 2ND EARLY MOT. FOR S.J.
`
`CASE NO. 3:17-cv-05659-WHA
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 3:17-cv-05659-WHA Document 415 Filed 04/05/19 Page 9 of 19
`
`
`
`security computers for analysis. Id.
`
`
`
`
`
`
`
` Claim 1 does not require SRX to process calls to a first function within all of the packets it
`
`routes, as Juniper argues, as it is undisputed that Juniper will parse packets to determine if it should
`
`send them for analysis at a security computer. Id. More importantly, the plain language of claim 1 only
`
`states processing content received over a network. Juniper injects new limitations into the claims,
`
`saying SRX does not “invoke code” or “dynamically analyze” files, when neither of these are required
`
`by the claim. Id.
`
`Finally, Juniper complains about the evidence Finjan cited, saying SRX does not process
`
`scripts or links. Opp. at 18. Juniper misses the point, as this evidence shows that SRX receives
`
`webpages with scripts or links to files to send to a security computer. Id.; Motion at 10. In this same
`
`paragraph Juniper admits that SRX processes files to submit them to Sky ATP (a security computer)
`
`for analysis. Id.
`
`2.
`SRX Invokes a Second Function with the Input
`Finjan identified that the SRX invokes a second function with input: (1) when SRX allows
`
`communications with a URL or IP address through, and (2) when SRX allows a file hosted at that URL
`
`or IP address through. Juniper’s only rebuttal is that Finjan did not identify source code showing that
`
`SRX allows communications with a URL or IP address to pass through. Opp. at 19. However, Juniper
`
`does not deny that SRX allows both communications and files through depending on the verdict score
`
`from the security computer. Id. at 20; Ex. 1, Rubin 4/2/19 Depo. Tr. at 204:22-205-9. As such, Juniper
`
`admits that SRX performs this function. Id. at 21-22 (describing that SRX allows a sample through
`
`depending on the verdict score from Sky ATP). Finjan cited multiple documents to prove this element.
`
`Id. at 19-21; Motion at 11-12.
`
`Additionally, Juniper incorrectly asserts that Dr. Mitzenmacher “admitted” he did not rely on
`
`source code for this element because Juniper edited out the part of his response where he explained
`
`that he did in fact cite source code. “
`
`
`
`,
`
`6
`FINJAN’S NTC. OF MOT. & 2ND EARLY MOT. FOR S.J.
`
`CASE NO. 3:17-cv-05659-WHA
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 3:17-cv-05659-WHA Document 415 Filed 04/05/19 Page 10 of 19
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`3. SRX Invokes a Second Function Only If Security Computer Indicates it is Safe
`Juniper first argues SRX cannot infringe because it allows a file to pass the first time it sees that
`
`file. Opp. at 21. First, this is demonstrably wrong, as SRX performs “in-line blocking” of new files.
`
`Dkt. 368-18, Ex. 9 at JNPR-FNJN_29002_00173284. Even if this were not the case, SRX is
`
`programmed to block a file each and every time it sees that file after the first time, thereby meeting the
`
`claim limitations and infringing the claim. SunTiger, Inc. v. Scientific Research Funding Group, 189
`
`F.3d 1327, 1337 (Fed. Cir. 1999) (part time infringement is still infringement). Thus, SRX infringes
`
`when it performs these steps. Id.
`
`Juniper also argues SRX cannot infringe because the security computer indicates whether a file
`
`
`4
`
`
`
`
`
`
`
`
`7
`FINJAN’S NTC. OF MOT. & 2ND EARLY MOT. FOR S.J.
`
`CASE NO. 3:17-cv-05659-WHA
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 3:17-cv-05659-WHA Document 415 Filed 04/05/19 Page 11 of 19
`
`
`
`is safe, not the functions within that file are safe to invoke. Opp. at 20-21. But Juniper’s argument
`
`misstates Finjan’s position, where the content for the file is the input to the function. In fact, Claim 1 of
`
`the ‘154 Patent specifically disclosed analyzing the input to determine if the function is safe. ‘154
`
`Patent, Claim 1 (“transmitting the input to the security computer”) (emphasis added). Further, as
`
`admitted by Juniper’s expert, it does not matter whether the SRX only receives an indicator for a file or
`
`a function, as the safety of a function can be determined based on whether the input is safe. Ex. 1,
`
`Rubin 4/2/19 Depo. Tr.at 216:9-19 (“Q. Are you suggesting that a function can be safe based on a
`
`determination of whether the input is safe or not? A. That’s possible.”).
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Finally, SRX infringes even under Juniper’s erroneous construction of the word “safe” because
`
`the security computer (i.e. Sky ATP) simulates a client computer’s environment and thus enforces the
`
`same rules on the files for the client computer and is used to return a verdict. Dkt. 369-14, Ex. 13 at
`
`FINJAN-JN 044912. Similarly, SRX protects client computers and thus enforces security policies on
`
`behalf of client computers determine whether something is safe. Id. at FINJAN-JN 044907.
`
`4.
`SRX Transmits when the first function is invoked
`Contrary to Juniper’s argument, Finjan described why the transmission from SRX to the
`
`security computer occurs when the first function is invoked because, first, it occurs when the client
`
`computer loads a webpage, and second, when the SRX downloads or extracts a file for de-obfuscation.
`
`Motion at 13-14.
`
`
`
`
`
`
`
`
`
`
`
`8
`FINJAN’S NTC. OF MOT. & 2ND EARLY MOT. FOR S.J.
`
`CASE NO. 3:17-cv-05659-WHA
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 3:17-cv-05659-WHA Document 415 Filed 04/05/19 Page 12 of 19
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
` Finally, Juniper’s argument is moot because the claim does not
`
`require the SRX to invoke the first function, just that it transmit the input when the function is invoked.
`
`Juniper’s reliance on Finjan’s IPR response also does not support its position. Opp. at 25; Dkt. 390-21,
`
`Ex. R. There, Finjan merely noted the difference between encountering operating system events and
`
`invoking first functions. Dkt. 390-21, Ex. R at 27. Finjan’s statement in the IPR response had no
`
`bearing on the timing of invoking first functions or when the transmission occurred in the ‘154 Patent.
`
`Juniper also makes the incredible claims that: “Juniper does not ‘make’ the claimed system”
`
`and therefore it cannot sell, offer to sell, or import the claimed system. Opp. at 24.
`
`
`
`9
`FINJAN’S NTC. OF MOT. & 2ND EARLY MOT. FOR S.J.
`
`CASE NO. 3:17-cv-05659-WHA
`
`
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 3:17-cv-05659-WHA Document 415 Filed 04/05/19 Page 13 of 19
`
`
`
`
`
`
`
`Finjan, Inc. v. Secure Computing Corp., 626 F.3d 1197, 1205 (Fed. Cir. 2010) (activation not
`
`necessary for infringement). Claim 1 is not a method claim and Finjan is not required to show the steps
`
`are performed, only that the system is included in the SRX. Juniper also attempts to misconstrue the
`
`Claim 1 by adding limitations over what invokes the first function. But as shown above and in the
`
`Motion, nothing in the claim language requires SRX to invoke the first function. Even if it did, as Dr.
`
`Mitzenmacher explained, whenever a user invokes a function, the SRX necessarily also invokes that
`
`function. Dkt. 389-10, Mitz. 3/4/19 Depo. Tr. at 51:9-13. Thus, SRX still performs every step of the
`
`claim language even under Juniper’s interpretation of the claim.
`
`5.
`SRX Has a Receiver
`Juniper also erroneously asserts that Finjan did not identify a receiver, but also admits that SRX
`
`receives these verdicts, making its argument a waste of time. Opp. at 12; Motion at 14.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Sky ATP Infringes Claim 1
`
`B.
`Juniper does not dispute that Sky ATP is a content processor, that it processes content received
`
`over a network, that it sends input to the Reputation Server and Verdict Engines as security computers
`
`for analysis, or that it receives a determination back. Opp. at 11-12, 27-29. Juniper’s arguments
`
`regarding the claim construction of “safe” fail for the same reasons stated above. Further, Sky ATP
`
`still infringes even if the “content processor” is on a client computer because Sky ATP performs
`
`dynamic analysis on the content in a sandbox which simulates the client computer environment.
`10
`FINJAN’S NTC. OF MOT. & 2ND EARLY MOT. FOR S.J.
`
`CASE NO. 3:17-cv-05659-WHA
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 3:17-cv-05659-WHA Document 415 Filed 04/05/19 Page 14 of 19
`
`
`
`1.
`Sky ATP invokes a second function with the input.
`Finjan identifies two functions Sky ATP performs that meet the limitation of a “second
`
`function” in the claim language: “(1) ‘adding the URL/IP address or the file hash to the whitelist,’ or
`
`(2) making an ‘early exit’ from the pipeline.” Id. at 28. Juniper then argues that Finjan did not identify
`
`evidence that the second function is performed with the input. Id. Juniper does not dispute that the very
`
`point of whitelisting a URL/IP address (which is the input) is to place that URL/IP address on a white
`
`list so that they are not blocked or processed the next time they are seen. Thus, this whitelisting is
`
`performed using the URL/IP address inputs that Finjan identified. Motion at 16-17 (citing: “Mitz.
`
`Decl., ¶¶ 45-47 (explaining, with reference to Juniper’s source code, updating a whitelist with a file
`
`hash or URL/IP address once they are determined to be safe).”).
`
`Juniper also does not dispute that it adds URL/IP address and file hashes to a whitelist. Opp. at
`
`28. Juniper seizes on one source code citation showing that Juniper uses whitelist to argue that that
`
`citation shows whitelisting infected host IP addresses, but not IP addresses of a malicious file. Id. This
`
`distinction, however is meaningless because an IP address itself can be an input, regardless of whether
`
`the IP address identifies a file, or an internal or external host. Furthermore, the Opposition completely
`
`ignores the remaining evidence Finjan cited, all demonstrating that Juniper updates whitelists with the
`
`inputs of a URL/IP address or a file hash. Motion at 16-17. Thus, the Opposition fails to rebut Finjan’s
`
`proof that Sky ATP meets this element.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`11
`FINJAN’S NTC. OF MOT. & 2ND EARLY MOT. FOR S.J.
`
`CASE NO. 3:17-cv-05659-WHA
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 3:17-cv-05659-WHA Document 415 Filed 04/05/19 Page 15 of 19
`
`
`
`
`
`
`
`2.
`
`Sky ATP Invokes a Second Function Only If the Reputation Server and
`Verdict Engines Indicate it is Safe
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`12
`FINJAN’S NTC. OF MOT. & 2ND EARLY MOT. FOR S.J.
`
`CASE NO. 3:17-cv-05659-WHA
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 3:17-cv-05659-WHA Document 415 Filed 04/05/19 Page 16 of 19
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`3.
`Sky ATP Transmits When the First Function is Invoked
`Juniper admits Sky ATP has a transmitter and it transmits inputs to the Reputation Server and
`
`Verdict Engine. Juniper’s implied claim construction of the word “when” is unsupported. As Finjan
`
`explains, the transmission occurs once a client invokes a first function or when a dynamic analysis and
`
`de-obfuscation are performed on the file, which invoke the first function, so that it can send the input
`
`behind that first function to the security computers for analysis. This is “when” the first function is
`
`invoked. Motion at 17-18.
`C.
`Juniper repeats its claim construction arguments regarding “modified” content and a
`
`The ATP Appliance Infringes Claim 1
`
`“client/user” computer