`
`PAUL ANDRE (State Bar No. 196585)
`pandre@kramerlevin.com
`LISA KOBIALKA (State Bar No. 191404)
`lkobialka@kramerlevin.com
`JAMES HANNAH (State Bar No. 237978)
`jhannah@kramerlevin.com
`AUSTIN MANES (State Bar No. 284065)
`amanes@kramerlevin.com
`KRAMER LEVIN NAFTALIS & FRANKEL LLP
`990 Marsh Road
`Menlo Park, CA 94025
`Telephone: (650) 752-1700
`Facsimile: (650) 752-1800
`
`Attorneys for Plaintiff
`FINJAN, INC.
`
`
`IN THE UNITED STATES DISTRICT COURT
`
`FOR THE NORTHERN DISTRICT OF CALIFORNIA
`
`FINJAN, INC., a Delaware Corporation,
`
`
`
`
`
`
`Plaintiff,
`
`v.
`
`
`CHECK POINT SOFTWARE
`TECHNOLOGIES INC., a Delaware
`Corporation, CHECK POINT SOFTWARE
`TECHNOLOGIES LTD., an Israeli Limited
`Company,
`
`
`Defendants.
`
`
`
`
`
`
`Case No.:
`
`COMPLAINT FOR PATENT
`INFRINGEMENT
`
`DEMAND FOR JURY TRIAL
`
`
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`____________________________________________________________________________________
`COMPLAINT FOR PATENT INFRINGEMENT
`CASE NO.
`
`
`
`
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`Plaintiff Finjan, Inc. (“Finjan”) files this Complaint for Patent Infringement and Demand for
`
`Jury Trial against Check Point Software Technologies Ltd. (“Check Point Israel”) and Check Point
`
`Software Technologies, Inc. (“Check Point USA”) (collectively, “Defendant” or “Check Point”) and
`
`alleges as follows:
`
`THE PARTIES
`
`1.
`
`Finjan is a Delaware Corporation with its principal place of business at 2000
`
`University Avenue, Suite 600, E. Palo Alto, California 94303.
`2.
`
`Check Point USA is a Delaware Corporation with its headquarters and principal place
`
`of business at 959 Skyway Road, Suite 300, San Carlos, CA 94070. Defendant may be served
`
`through its agent for service of process, Corporation Service Company, 2710 Gateway Oaks Drive,
`
`Suite 150N, Sacramento, CA 95833.
`3.
`
`Check Point Israel is limited company organized under the law of Israel with its
`
`headquarters and principal place of business at 5 Ha’Solelim Street, Tel Aviv 67897, Israel. On
`
`information and belief, Check Point USA is a wholly-owned subsidiary of Check Point Israel.
`
`JURISDICTION AND VENUE
`
`4.
`
`This action arises under the Patent Act, 35 U.S.C. § 101 et seq. This Court has
`
`original jurisdiction over this controversy pursuant to 28 U.S.C. §§ 1331 and 1338.
`5.
`
`Venue is proper in this Court pursuant to 28 U.S.C. §§ 1391(b) and (c) and/or 1400(b).
`
`Venue is proper at least because Check Point’s U.S. Headquarters is located in this District at 959
`
`Skyway Road Suite 300, San Carlos, CA 94070.
`6.
`
`This Court has personal jurisdiction over Defendant. Upon information and belief,
`
`Defendant regularly and continuously does business in this District and has infringed or induced
`
`infringement, and continues to do so, in this District. Upon information and belief, Check Point’s
`
`U.S. Headquarters is located in this District in the city of San Carlos, California and is a regular and
`
`established place of business. In fact, Defendant’s website regularly advertises active job listings in
`
`this District for its U.S. Headquarters in this District. See Exhibit 1 attached hereto
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`1
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`
`
`(https://careers.checkpoint.com/careers/index.php?m=careers&a=jobs&country_code=US). As such,
`
`the Court has personal jurisdiction over Check Point because minimum contacts have been
`
`established within this forum and the exercise of jurisdiction would not offend traditional notions of
`
`fair play and substantial justice.
`
`INTRADISTRICT ASSIGNMENT
`
`Pursuant to Local Rule 3-2(c), Intellectual Property Actions are assigned on a district-
`
`7.
`wide basis.
`
`FINJAN’S INNOVATIONS
`
`8.
`
`Finjan was founded in 1997 as a wholly-owned subsidiary of Finjan Software Ltd., an
`
`Israeli corporation. In 1998, Finjan moved its headquarters to San Jose, California. Finjan was a
`
`pioneer in developing proactive security technologies capable of detecting previously unknown and
`
`emerging online security threats, recognized today under the umbrella term “malware.” These
`
`technologies protect networks and endpoints by identifying suspicious patterns and behaviors of
`
`content delivered over the Internet. Finjan has been awarded, and continues to prosecute, numerous
`
`patents covering innovations in the United States and around the world resulting directly from
`
`Finjan’s more than decades-long research and development efforts, supported by a dozen inventors
`
`and over $65 million in R&D investments.
`9.
`
`Finjan built and sold software, including application program interfaces (APIs) and
`
`appliances for network security, using these patented technologies. These products and related
`
`customers continue to be supported by Finjan’s licensing partners. At its height, Finjan employed
`
`nearly 150 employees around the world building and selling security products and operating the
`
`Malicious Code Research Center, through which it frequently published research regarding network
`
`security and current threats on the Internet. Finjan’s pioneering approach to online security drew
`
`equity investments from two major software and technology companies, the first in 2005 followed by
`
`the second in 2006. Finjan generated millions of dollars in product sales and related services and
`
`support revenues through 2009, when it spun off certain hardware and technology assets in a merger.
`
`Pursuant to this merger, Finjan was bound to a non-compete and confidentiality agreement, under
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`2
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`
`
`which it could not make or sell a competing product or disclose the existence of the non-compete
`
`clause. Finjan became a publicly traded company in June 2013, capitalized with $30 million. After
`
`Finjan’s obligations under the non-compete and confidentiality agreement expired in March 2015,
`
`Finjan re-entered the development and production sector of secure mobile products for the consumer
`
`market.
`
`FINJAN’S ASSERTED PATENTS
`
`10.
`
`On November 28, 2000, U.S. Patent No. 6,154,844 (“the ‘844 Patent”), titled SYSTEM
`
`AND METHOD FOR ATTACHING A DOWNLOADABLE SECURITY PROFILE TO A
`
`DOWNLOADABLE, was issued to Shlomo Touboul and Nachshon Gal. A true and correct copy of
`
`the ‘844 Patent is attached to this Complaint as Exhibit 2 and is incorporated by reference herein.
`11.
`
`All rights, title, and interest in the ‘844 Patent have been assigned to Finjan, who is the
`
`sole owner of the ‘844 Patent. Finjan has been the sole owner of the ‘844 Patent since its issuance.
`12.
`
`The ‘844 Patent is generally directed toward computer networks, and more particularly,
`
`provides a system that protects devices connected to the Internet from undesirable operations from
`
`web-based content. One of the ways this is accomplished is by linking a security profile to such web-
`
`based content to facilitate the protection of computers and networks from malicious web-based
`
`content.
`13.
`
`On November 15, 2005, U.S. Patent No. 6,965,968 (“the ‘968 Patent”), entitled
`
`POLICY-BASED CACHING, was issued to Shlomo Touboul. A true and correct copy of the ‘968
`
`Patent is attached to this Complaint as Exhibit 3 and is incorporated by reference herein.
`14.
`
`All rights, title, and interest in the ‘968 Patent have been assigned to Finjan, who is the
`
`sole owner of the ‘968 Patent. Finjan has been the sole owner of the ‘968 Patent since its issuance.
`15.
`
`The ‘968 Patent is generally directed towards methods and systems for enabling policy-
`
`based cache management to determine if digital content is allowable relative to a policy. One of the
`
`ways this is accomplished is scanning digital content to derive a content profile and determining
`
`whether the digital content is allowable for a policy based on the content profile.
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`3
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`
`
`16.
`
`On August 26, 2008, U.S. Patent No. 7,418,731 (“the ‘731 Patent”), entitled METHOD
`
`AND SYSTEM FOR CACHING AT SECURE GATEWAYS, was issued to Shlomo Touboul. A true
`
`and correct copy of the ‘731 Patent is attached to this Complaint as Exhibit 4 and is incorporated by
`
`reference herein.
`17.
`
`All rights, title, and interest in the ‘731 Patent have been assigned to Finjan, who is the
`
`sole owner of the ‘731 Patent. Finjan has been the sole owner of the ‘731 Patent since its issuance.
`18.
`
`The ‘731 Patent is generally directed towards methods and systems for providing an
`
`efficient security system. One of the ways this is accomplished is by implementing a variety of caches
`
`to increase performance of the system.
`19.
`
`On January 12, 2010, U.S. Patent No. 7,647,633 (“the ‘633 Patent”), entitled
`
`MALICIOUS MOBILE CODE RUNTIME MONITORING SYSTEM AND METHODS, was issued
`
`to Yigal Mordechai Edery, Nimrod Itzhak Vered, David R. Kroll and Shlomo Touboul. A true and
`
`correct copy of the ‘633 Patent is attached to this Complaint as Exhibit 5 and is incorporated by
`
`reference herein.
`20.
`
`All rights, title, and interest in the ‘633 Patent have been assigned to Finjan, who is the
`
`sole owner of the ‘633 Patent. Finjan has been the sole owner of the ‘633 Patent since its issuance.
`21.
`
`The ‘633 Patent is generally directed towards computer networks, and more
`
`particularly, provides a system that protects devices connected to the Internet from undesirable web-
`
`based content. One of the ways this is accomplished is by determining whether any part of such web-
`
`based content can be executed and then trapping such content using mobile protection code.
`22.
`
`On December 13, 2011, U.S. Patent No. 8,079,086 (“the ‘086 Patent”), entitled
`
`MALICIOUS MOBILE CODE RUNTIME MONITORING SYSTEM AND METHODS, was issued
`
`to Yigal Mordechai Edery, Nimrod Itzhak Vered, David R Kroll and Shlomo Touboul. A true and
`
`correct copy of the ‘086 Patent is attached to this Complaint as Exhibit 6 and is incorporated herein.
`23.
`
`All rights, title, and interest in the ‘086 Patent have been assigned to Finjan, who is the
`
`sole owner of the ‘086 Patent. Finjan has been the sole owner of the ‘086 Patent since its issuance.
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`4
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`
`
`24.
`
`The ‘086 Patent is generally directed towards computer networks and, more
`
`particularly, provides a system that protects devices connected to the Internet from undesirable
`
`operations from web-based content. One of the ways this is accomplished is by creating a profile of
`
`the web-based content and sending a representation of these profiles to another computer for
`
`appropriate action.
`25.
`
`On March 20, 2012, U.S. Patent No. 8,141,154 (“the ‘154 Patent”), titled SYSTEM
`
`AND METHOD FOR INSPECTING DYNAMICALLY GENERATED EXECUTABLE CODE, was
`
`issued to David Gruzman and Yuval Ben-Itzhak. A true and correct copy of the ‘154 Patent is attached
`
`to this Complaint as Exhibit 7 and is incorporated by reference herein.
`26.
`
`All rights, title, and interest in the ‘154 Patent have been assigned to Finjan, who is the
`
`sole owner of the ‘154 Patent. Finjan has been the sole owner of the ‘154 Patent since its issuance.
`27.
`
`The ‘154 Patent is generally directed toward a gateway computer protecting a client
`
`computer from dynamically generated malicious content. One of the ways this is accomplished is by
`
`using a content processor to process a first function and invoke a second function if a security
`
`computer indicates that it is safe to invoke the second function.
`28.
`
`On March 18, 2014, U.S. Patent No. 8,677,494 (“the ‘494 Patent”), titled
`
`MALICIOUS MOBILE CODE RUNTIME MONITORING SYSTEM AND METHODS, was issued
`
`to Yigal Mordechai Edery, Nimrod Itzhak Vered, David R. Kroll, and Shlomo Touboul. A true and
`
`correct copy of the ‘494 Patent is attached to this Complaint as Exhibit 8 and is incorporated by
`
`reference herein.
`29.
`
`All rights, title, and interest in the ‘494 Patent have been assigned to Finjan, who is the
`
`sole owner of the ‘494 Patent. Finjan has been the sole owner of the ‘494 Patent since its issuance.
`30.
`
`The ‘494 Patent is generally directed toward a method and system for deriving security
`
`profiles and storing the security profiles. One of the ways this is accomplished is by deriving a
`
`security profile for a downloadable, which includes a list of suspicious computer operations, and
`
`storing the security profile in a database.
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`5
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`
`
`31.
`
`The ‘844 Patent, the ‘968 Patent, the ‘731 Patent, the ‘633 Patent, the ‘154 Patent, the
`
`‘086 Patent, and the ‘494 Patent, as described above, are collectively referred to as the “Asserted
`
`Patents” herein.
`
`FINJAN’S NOTICE OF INFRINGEMENT TO DEFENDANT
`
`32.
`
`Check Point has long been aware of Finjan and its proprietary technology. For
`
`example, on January 28, 1997, Finjan and Check Point partnered in providing solutions for Java
`
`Security. Finjan issued a press release describing the partnership with Check Point that involved
`
`integrating Finjan’s proprietary scanning technology into Check Point’s firewalls. A true and correct
`
`copy of the press release is attached to this Complaint as Exhibit 9. In its 1999 Annual Report, Check
`
`Point listed Finjan as a “Framework Partner.” A true and correct copy of the Check Point 1999
`
`Annual Report is attached to this Complaint as Exhibit 10. Furthermore, on February 27, 2001,
`
`Finjan and Check Point entered into a Partner Exhibitor Agreement for Trade Shows.
`33.
`
`Finjan reached out to Check Point as early as 2014 to discuss Check Point licensing of
`
`Finjan’s patents related to its behavior-based and anti-malware security technology. On December 8,
`
`2016, Finjan sent notice of the Asserted Patents in a letter addressed to Gil Schwed, the Chief
`
`Executive Officer of Check Point. A true and correct copy of the letter is attached to this Complaint
`
`as Exhibit 11. The letter notified Check Point that it was offering both products and services that
`
`infringe patents owned by Finjan. The letter included an appendix providing the patent numbers of
`
`the ‘844 Patent, ‘968 Patent, ‘731 Patent, ‘633 Patent, ‘086 Patent, and ‘494 Patent and the relevant
`
`Check Point Products. The letter also included a link to a page on Finjan’s website that listed
`
`Finjan’s entire patent portfolio.
`34.
`
`On February 9, 2017, Finjan called Check Point about the December 8, 2016, letter
`
`and spoke with a Check Point representative. Finjan sent a follow-up email on December 8, 2016
`
`letter to memorialize the conversation. Finjan received no response to its call or email. Finjan again
`
`contacted Check Point via email or other form of electronic messaging on July 31, 2017; September
`
`28, 2017; November 6, 2017; and February 21, 2018. Finjan received no responses from Check Point
`
`regarding these inquiries.
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`6
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`
`
`CHECK POINT’S PRODUCTS AND TECHNOLOGIES
`
`35.
`
`Defendant makes, uses, sells, offers for sale, and/or imports into the United States and
`
`this District the following products and services: Check Point’s Next Generation Firewall and
`
`Security Gateway products, Blade products, CloudGuard products, Endpoint Protection products,
`
`Advanced Threat Prevention products, Mobile Security products, ZoneAlarm products, Threat
`
`Intelligence products, Security Management and Policy Management products, ThreatCloud
`
`Managed Security Service products, Smart-1 Appliance products, products using SandBlast
`
`technology, and products utilizing the Gaia Operating System.
`
`
`CHECK POINT’S NEXT GENERATION FIREWALL AND SECURITY GATEWAY
`PRODUCTS
`Check Point’s Next Generation Firewalls provide data and network security protection
`
`36.
`
`in an integrated firewall and gateway platform. Check Point offers Next Generation Firewalls and
`
`Security Gateways for Cloud, Data Center, Midsized and Enterprise, Small Business, Consumer, and
`
`Home Office. Next Generation Firewalls and Security Gateways operate as gateways that provide
`
`all-inclusive security from cyber threats with Check Point Threat Prevention and integration with
`
`Check Point’s SandBlast technology.
`
`Exhibit 12 at 6.
`37.
`
`Check Point’s Next Generation Firewalls and Security Gateways allow the
`
`enforcement of security policies that serve as a collection of rules to control network traffic and
`
`enforce organization guidelines for data protection and access to resources. The Next Generation
`
`Firewalls and Security Gateways include the ThreatSpect Engine for multi-tiered analysis of network
`
`
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`7
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`
`
`traffic and correlation of data across multiple layers, including through antivirus, reputation, and
`
`behavioral patterns.
`
`Exhibit 13 at Page 14.
`38.
`
`Check Point’s Next Generation Firewalls and Security Gateways include different
`
`packages, including the NGTP with Antivirus, Anti-Bot, and email security and NGTX with the
`
`NGTP protection and SandBlast technology.
`
`
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`8
`
`CASE NO.
`
`
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`
`
`39.
`
`Check Point’s Next Generation Firewalls and Security Gateways are available as both
`
`hardware appliances and virtual appliances. Next Generation Firewalls and Security Gateways
`
`include unified malware and bot protection, which records extensive forensics regarding the detected
`
`malware and associated events.
`
`
`
`Exhibit 14 at Page 2.
`
`CHECK POINT’S CLOUDGUARD PRODUCTS
`
`40.
`
`Check Point’s CloudGuard products offer zero-day threat protection, identity
`
`protection, and data protection and are offered for Security as a Service (“SaaS”) and Infrastructure as
`
`a Service (“Iaas”) for public and private clouds. CloudGuard provides threat prevention security
`
`through shared intelligence and advanced threat prevention technology. CloudGuard SaaS provides
`
`advanced security and threat prevent for SaaS applications. CloudGuard IaaS provides advanced
`
`threat prevention for public and private cloud platforms like Amazon Web Services, Google Cloud
`
`Platform, Microsoft Azure, Cisco ACI, OpenStack, VMware NSX, VMware Cloud on AWS,
`
`VMware ESX, Alibaba Cloud, KVM, and Hyper-V.
`41.
`
`CloudGuard employs a hub and spoke model to provide security policy enforcement
`
`on network traffic.
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`9
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`
`
`Exhibit 15 at 6.
`
`ENDPOINT PROTECTION PRODUCTS
`
`42.
`
`Check Point’s Endpoint Protection products protect endpoints from attacks and zero-
`
`day threats through antivirus, anti-bot, and threat prevention. Endpoint Protection monitors,
`
`manages, and enforces user security policies on an endpoint.
`
`
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`10
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`
`
`
`
`Exhibit 16 at 3.
`43.
`
`Endpoint Protection allows endpoint security to be unified on a single management
`
`console and applied with a straightforward policy language.
`
`CHECK POINT’S ADVANCED THREAT PREVENTION PRODUCTS AND SANDBLAST
`44.
`
`Check Point’s Advanced Threat Prevention products provide zero-day protection for
`
`networks and detect evasion-resistant malware. Advanced Threat Prevention products include
`
`SandBlast Technology for threat emulation, threat extraction, and practical prevention. Advanced
`
`Network Threat Prevention is offered for Network, Endpoint, and Mobile, and is directly and
`
`indirectly used by Check Point products.
`45.
`
`Advanced Threat Prevention for Network Security provides an evasion resistant
`
`sandbox to catch unknown malware, eliminate threats, and deliver safe files to users. Advanced
`
`Threat Prevention for Network Security products include “SandBlast” technology to provide zero-day
`
`protection through Threat Emulation and Threat Extraction for next level detection of evasive
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`11
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`
`
`malware. SandBlast can be used in a number of different implementations, including as an appliance,
`
`as an agent, through a distributed deployment, as SandBlast service, inline or span-port deployment,
`
`mail transfer agent (MTA), or through a Threat Prevent API. SandBlast Threat Emulation performs
`
`deep level inspection of downloaded content, including both executables and data files, before the
`
`malware has a chance to deploy. SandBlast Threat Emulation runs downloaded files in a virtual
`
`sandbox to discover malicious behavior by monitoring the instructions performed and determining if
`
`the instruction relate to an exploit from malware. SandBlast Threat Emulation includes CPU-Level
`
`Inspection, which looks into the execution flow to determine if an exploitation method was used.
`
`SandBlast Threat Emulation creates a detailed report for each file that is emulated and found to be
`
`malicious. SandBlast Threat Extraction extracts potentially malicious content, such as macros or
`
`embedded links, from files to allow prompt delivery of clean and reconstructed versions of these files
`
`that only include known safe elements. SandBlast automatically shares newly discovered attack
`
`information with ThreatCloud.
`
`Exhibit 17 at 2 (August 2, 2016).
`
`
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`12
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`
`
`
`
`
`
`
`
`
`
`Exhibit 23.
`
`Exhibit 24.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`13
`
`CASE NO.
`
`
`
`
`
`46.
`
`Advanced Threat Prevention for Endpoint Protection provides SandBlast agents and
`
`browser extensions that prevent evasive attacks based on unknown and zero-day malware, intercept
`
`these attacks as runtime using behavioral analysis and forensic insights, and contain and remediate
`
`the harmful impact of these attacks. SandBlast Agents to collect and store suspicious activity on a
`
`computer and provides a rating indicating the level of suspiciousness associated with that activity.
`
`Exhibit 22.
`47.
`
`Check Point’s Advanced Threat Prevention for Mobile Threat Prevention protects
`
`mobile devices from infected apps, man-in-the-middle attacks over Wi-Fi, OS Exploits, and
`
`malicious links. Mobile Advanced Threat Prevention applies threat emulation, advanced static code
`
`analysis, app reputation, and machine learning. Advanced Threat Prevention for Mobile Threat
`
`Defense utilizes SandBlast for detecting whether a device is secure.
`
`
`
`
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`14
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`
`
`ZONEALARM PRODUCTS
`
`48.
`
`Check Point’s ZoneAlarm products are a suite of products that offers security features
`
`like behavioral antivirus, threat emulation, advanced firewall, identify protection, and protection from
`
`ransomware. ZoneAlarm allows users to send downloaded files like email attachments to a virtual
`
`cloud-based sandbox that will emulate the files and analyze the resulting behavior. ZoneAlarm also
`
`comes with advanced browser protects against websites for dangerous scripts, files, and other
`
`executables before they are downloaded onto the user’s computer, thereby preventing scrips or files
`
`from saving to disk or executing.
`
`THREAT INTELLIGENCE PRODUCTS
`
`49.
`
`Check Point’s Threat Intelligence includes ThreatCloud IntelliStore, Incident
`
`Response Service, Managed Security Service, and Private ThreatCloud. Threat Intelligence uses
`
`evidence-based knowledge like context, mechanisms, indicators, implications and actionable advice
`
`about an existing or emerging menace and is used to inform decisions regarding response to the
`
`menace.
`50.
`
`ThreatCloud IntelliStore provides organizations with real-time threat intelligence.
`
`ThreatCloud IntelligenceStore provides access to a wide range of protection, but also allows the
`
`picking and choosing of threat intelligence feeds based on a company’s unique needs (by geography,
`
`industry, or threat type). ThreatCloud Intelligence store creates a robust set of security protections
`
`and updates security gateways.
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`15
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`
`
`Exhibit 18 at Page 3.
`
`CHECK POINT’S THREATCLOUD PRODUCTS
`
`51.
`
`Check Point’s ThreatCloud performs automated analysis to find significant events on a
`
`network. Check Point ThreatCloud uses these events to identify malicious activity. ThreatCloud
`
`delivers real-time dynamic threat intelligence to security gateways to identify and stop emerging
`
`
`
`threats.
`
`
`Exhibit 19 at 2.
`
`
`
`CHECK POINT’S SECURITY MANAGEMENT PRODUCTS
`
`52.
`
`Check Point’s Security Management Products (which include Smart-1 Appliances)
`
`manage growing networks, disruptive technologies, and the proliferation of interconnected devices
`
`demand a new approach to managing security. Check Point’s Security Management Products operate
`
`as a single management solution to centrally correlate all types of events across all network
`
`environment, cloud services, and mobile infrastructures.
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`16
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`
`
`Exhibit 12 at Page 14.
`53.
`
`Check Point’s Infinity technology provides consolidated security and threat prevention
`
`across networks, cloud, and mobile. Check Point Infinity includes R80.10, which merges technology
`
`into an easy to use console that provides full spectrum visibility.
`
`
`
`
`
`Exhibit 20 at Page 3.
`
`DEFENDANT’S INFRINGEMENT OF FINJAN’S PATENTS
`
`54.
`
`Defendant has been and is now infringing, and will continue to infringe, the Asserted
`
`Patents in this Judicial District and elsewhere in the United States by, among other things, making,
`
`using, importing, selling, and/or offering for sale its Check Point’s Next Generation Firewall and
`
`Security Gateway products, Blade products, CloudGuard products, Endpoint Protection products,
`
`Advanced Threat Prevention products, Mobile Security products, ZoneAlarm products, Threat
`
`Intelligence products, Security Management and Policy Management products, ThreatCloud
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`17
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`
`
`Managed Security Service products, Smart-1 Appliance products, products using SandBlast
`
`technology, and products utilizing the Gaia Operating System. (“Accused Products”).
`55.
`
`In addition to directly infringing the Asserted Patents pursuant to 35 U.S.C. § 271(a),
`
`either literally or under the doctrine of equivalents, or both, Defendant indirectly infringes all the
`
`Asserted Patents by instructing, directing, and/or requiring others, including its customers,
`
`purchasers, users, and developers, to perform all or some of the steps of the method claims, either
`
`literally or under the doctrine of equivalents, or both, of the Asserted Patents.
`
`COUNT I
`(Direct Infringement of the ‘844 Patent pursuant to 35 U.S.C. § 271(a))
`Finjan repeats, realleges, and incorporates by reference, as if fully set forth herein, the
`
`56.
`
`allegations of the preceding paragraphs, as set forth above.
`57.
`
`Defendant has infringed Claims 1-44 of the ‘844 Patent in violation of 35 U.S.C. §
`
`271(a). Defendant’s infringement is based upon literal infringement or infringement under the doctrine
`
`of equivalents, or both. Defendant’s acts of making, using, importing, selling, and/or offering for sale
`
`infringing products and services have been without the permission, consent, authorization, or license of
`
`Finjan. Defendant’s infringement includes the manufacture, use, sale, importation and/or offer for sale
`
`of Defendant’s products and services, including Check Point’s Next Generation Firewall and Security
`
`Gateway products, Blade products, CloudGuard products, Endpoint Protection products, Advanced
`
`Threat Prevention products, Mobile Security products, ZoneAlarm products, Threat Intelligence
`
`products, Security Management and Policy Management products, ThreatCloud Managed Security
`
`Service products, Smart-1 Appliance products, products using SandBlast technology, and products
`
`utilizing the Gaia Operating System (collectively, the “‘844 Accused Products”).
`58.
`
`The ‘844 Accused Products embody the patented invention of the ‘844 Patent and
`
`infringe the ‘844 Patent because they practice a method of receiving by an inspector a downloadable,
`
`generating by the inspector first downloadable security profile that identifies suspicious code in the
`
`received downloadable, and linking by the inspector the first downloadable security profile to the
`
`downloadable before a web server makes the downloadable available to web clients. See generally
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`18
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`
`
`Exhibit 2. For example, as shown below, the ‘844 Accused Products provide gateway security to end
`
`users, where incoming downloadables (e.g., PDFs with JavaScript, EXE files, or JavaScript embedded
`
`within an HTML file) are received by the ‘844 Products.
`59.
`
`For example, the ‘844 Accused Products include emulation technology that uses an
`
`evasion resistant sandbox to catch unknown downloaded malware and eliminates threats and delivers
`
`safe files to users. The ‘844 Accused Products create a report with detailed information identifying
`
`suspicious code that was present in the content. The ‘844 Accused Products link the generated
`
`information on suspicious code before a web server make the content available to a web client that
`
`requested the content.
`60.
`
`For example, the ‘844 Accused Products perform extensive forensics regarding the
`
`detected malware and associated events to identify suspicious code.
`
`Exhibit 14 at Page 2.
`61.
`
`For example, SandBlast Threat Emulation performs deep level inspection of
`
`downloaded content, both executables and data files, before the malware has a chance to deploy.
`
`SandBlast Threat Emulation runs files in a virtual sandbox to discover malicious behavior by
`
`monitoring the instructions performed and determining if the instruction relate to an exploit from
`
`
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`19
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`
`
`malware. SandBlast Threat Emulation includes CPU-Level Inspection, which looks into the
`
`execution flow to determine if an exploitation method was used. SandBlast Threat Emulation creates
`
`a detailed report that identifies suspicious code for each file that is emulated and found to be
`
`malicious. SandBlast Threat Extraction extracts potentially malicious content, such as macros or
`
`embedded links, from files to allow prompt delivery of clean and reconstructed versions of these files
`
`that only include known safe elements. SandBlast automatically shares newly discovered attack
`
`information with ThreatCloud.
`
`Exhibit 17 at 2 (August 2, 2016).
`62.
`
`For example, ’844 Accused Products performs inline stopping of malicious failed
`
`before they reach a web client and shares these results with other systems.
`
`
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`20
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`
`
`Exhibit 25.
`63.
`
`For example, suspicious activity is recorded about suspicious code that is detected.
`
`
`
`Exhibit 22.
`64.
`
`Defendant’s infringement of the ‘844 Patent has injured Finj