Case 4:18-cv-07229-YGR Document 158-7 Filed 01/23/21 Page 1 of 17
`Case 4:18-cv-07229—YGR Document 158-7 Filed 01/23/21 Page 1 of 17
`
`
`
`
`
`
`
`
`
`
`
`
`
`EXHIBIT 6
`
`EXHIBIT 6
`
`

`

`Case 4:18-cv-07229-YGR Document 158-7 Filed 01/23/21 Page 2 of 17
`
`650 Page Mill Road
`Palo Alto, CA 94304-1050
`PHONE 650.493.9300
`FAX 650.493.6811
`www.wsgr.com
`
`July 23, 2020
`
`VIA EMAIL ONLY
`
`Ms. Lisa Kobialka
`Kramer Levin Naftalis & Frankel LLP
`990 Marsh Road
`Menlo Park, CA 94025
`lkobialka@kramerlevin.com
`
`Re: Finjan Inc. v. Qualys, Inc., N.D. Ca. Case No. 4:18-cv-07229-YGR
`
`Dear Counsel:
`
`We write to address deficiencies, detailed below, in Plaintiff Finjan, Inc.’s (“Finjan”)
`Patent L.R. 3-1 infringement contentions. In short, several of Finjan’s infringement theories now
`appear seem to be clearly precluded considering the Court’s June 11, 2020 Claim Construction
`Order (“Markman Order” or “the Order”) (Dkt. No. 74). Additionally, many of Finjan’s theories
`are facially deficient because they fail to state “specifically where and how each limitation of
`each asserted claim is found within each Accused Instrumentality.” Patent L.R. 3-1(c). Qualys
`requests that Finjan immediately withdraw all such precluded and deficient theories.
`
`I.
`
`Theories Precluded by the Markman Order.
`
`Several of Finjan’s infringement theories are now precluded by the Markman Order.
`Please agree to withdraw all such theories.
`
`A.
`
`Term 1, “instantiating, by the computer, a scanner for the specific
`programming language” (’408 Patent)
`
`This term is present in Claims 1, 3-8, and 22. The Court construed this term to mean
`“generating or requesting a scanner that can scan the programming language by providing a
`generic scanner instance with language specific data, rules, or both.” Markman Order at 9.
`However, for the claims in which this term is present, Finjan fails to provide a contention for this
`limitation whatsoever, much less one that satisfies the Court’s construction:
`
`The database of each Accused Product, as part of the Qualys Cloud computing
`environment, stores parser and analyzer rules that enables each Accused Product’s
`respective scanner to scan and identify “vulnerabilities” (computer exploits) based
`on malicious content downloaded from a source computer, such as the Internet in
`a variety of languages.
`
`AUSTIN BEIJING BOSTON BRUSSELS HONG KONG LONDON LOS ANGELES NEW YORK PALO ALTO
`SAN DIEGO SAN FRANCISCO SEATTLE SHANGHAI WASHINGTON, DC WILMINGTON, DE
`
`

`

`Case 4:18-cv-07229-YGR Document 158-7 Filed 01/23/21 Page 3 of 17
`
`Counsel for Finjan
`July 23, 2020
`Page 2
`
`. . .
`The parser and analyzer rules describe computer exploits as patterns of types of
`tokens because they enable the identification of malicious code expressed in
`different computer languages that are included within suspicious files. The
`patterns of types of tokens provided by the parser and analyzer rules enable each
`respective scanner to identify exploits through parsing of html files and extracting
`suspicious JavaScripts, PDFs, visual basic scripts, ActiveX components during
`static, dynamic, and behavior analysis.
`
`Infringement Contentions, Appendix F, at 6-13. Finjan’s contention addresses the
`existence of parser and analyzer rules but fails to identify any structure or functionality
`regarding the instantiation limitation, much less one that satisfies the Court’s
`construction. Accordingly, please confirm that Finjan will withdraw its contentions for
`Claims 1, 3-8 and 22 of the ’408 Patent.
`
`B.
`
`Term 2, “dynamically generating a policy index.” (’968 Patent)
`
`Claims 26, 32, and 33 of the ’968 Patent each recite “dynamically generating a policy
`index.” The Court construed this term to mean “adding allowability information to a policy
`index in response to user requests for cached and non-cached content.” Markman Order at 13.
`
`Finjan fails to provide a contention that addresses this contention. For Claims 26 and 32,
`Finjan states the following:
`
`

`

`Case 4:18-cv-07229-YGR Document 158-7 Filed 01/23/21 Page 4 of 17
`
`Counsel for Finjan
`July 23, 2020
`Page 3
`
`Infringement Contentions, Appendix B, at 56, 63. Similarly, for Claim 33, Finjan’s contention
`states:
`
`Id. at 70. None of these contentions identify any structure or functionality for adding
`allowability information to a policy index in response to user requests. Indeed, Finjan’s
`contentions identify only two products for this element: Web Application Firewall (WAF) and
`Web Application Scanning (WAS). These products protect and scan server-side web elements,
`and do not function based on user requests. Finjan cannot in good faith continue to assert these
`claims against Qualys. Please confirm that Finjan will withdraw its contentions for Claims 26,
`32, and 33 of the ’968 Patent.
`
`C.
`
`Term 5, “incoming files from the Internet” (’731 Patent)
`
`Claims 1 and 2 of the ’731 Patent include the limitation of “incoming files from the
`Internet.” The Court construed this term to mean “files requested by an intranet computer from
`the Internet.” Markman Order at 17-19. However, Finjan’s Contention Nos. 1 and 2 for this
`limitation fail to identify any structure or functionality whereby the files being scanned were first
`requested by an intranet computer. See Infringement Contentions, Appendix C, at 3-17. Only
`Contention No. 3 provides a contention for a client device (i.e. an intranet computer) to request
`content from the Internet. See id. at 18. Accordingly, please confirm that Finjan will withdraw
`Contention Nos. 1 and 2 for Claims 1 and 2 of the ’731 Patent.
`
`

`

`Case 4:18-cv-07229-YGR Document 158-7 Filed 01/23/21 Page 5 of 17
`
`Counsel for Finjan
`July 23, 2020
`Page 4
`
`D.
`
`Term 6, “web client” (’844 Patent)
`
`Each asserted claim for the ’844 Patent requires the presence of a “web client.” The
`Court construed “web client” to mean “an application on the end-user’s computer that requests a
`downloadable from the web server.” Markman Order at 20. Finjan’s infringement contentions,
`however, fail to identify any structure for an end-user computer that requests a downloadable
`from a web server, nor does Finjan identify any structure or functionality for making such a
`request from a web client to a web server. See Infringement Contentions, Appendix A, at 27-29,
`47-49, 54, 57, 64, 70, 72, 78, 80. Indeed, the accused devices operate independently of any web
`client content requests, and Finjan cannot maintain its infringement contentions for the ’844
`Patent in good faith. Therefore, please confirm that Finjan will withdraw its infringement
`contentions for this patent.
`
`E.
`
`Term 7, “a content processor” (’154 Patent)
`
`Claims 1 and 2 of the ’154 both require a “content processor.” The Court’s construction
`of this term requires the claimed “content processor” to be located “on the protected computer.”
`See Markman Order at 21-24.
`
`In light of the Court’s construction, Finjan cannot in good faith continue to assert
`Contentions 1-8 for these claims. Contention 1 for this claim states that the content processor is
`an “Internet Gateway,” which is not the computer being protected.1 See Infringement
`Contentions, Appendix E, at 3. Contentions 2-3 and 5-8 merely identify Qualys’s Software-as-a-
`Service products such as VM (Contention 2), TP (Contention 3), Container Security (Contention
`5), WAF (Contention 6), WAS (Contention 7), and Compliance Monitoring (Contention 8). See
`id. at 15-16, 18-21. For these contentions, however, Finjan has not identified any structure of
`functionality that it contends is physically located on the client computer. See id. at 3, 15-16, 18-
`21. Finally, although Contention No. 4 recites a software product (Cloud Agent) that can be
`installed on a computer being protected (such as a client device), Finjan does not allege in its
`contentions that Qualys makes, uses, sells, offers to sell, or imports such a computer. Moreover,
`Finjan does not allege indirect infringement for these claims. Consequently, none of Finjan’s
`contentions for these claims can survive and must be withdrawn.
`
`F.
`
`Terms 9 and 10, “transmitter” and “receiver” (’154, ’494, and ’968 Patents)
`
`In the Markman Order, the Court unequivocally stated that the claimed transmitters and
`receivers of the ’154, ’494, and ’968 Patents each require both hard and software structural
`components:
`
`1 Additionally, as noted for Terms 9 and 10, Finjan has alleged only direct infringement for the ’154 Patent but has
`not identified anything other than third-party gateways.
`
`

`

`Case 4:18-cv-07229-YGR Document 158-7 Filed 01/23/21 Page 6 of 17
`
`Counsel for Finjan
`July 23, 2020
`Page 5
`
`Here, the claims in each of the patents describe receivers as components separate
`from the processor that implements software. For example, in the ’154 Patent, the
`claims expressly recite a “content processor” as a separate claim limitation from
`the receiver and the transmitter. (See ’154 Patent at claims 1-2, 6-7.) Figure 1 of
`the ’154 Patent similarly shows the receiver and transmitter on the client
`computer separate from the processor on that computer. (See id. at Figs. 2, 4.)
`Likewise, in the ’494 Patent, the claims recite a receiver “coupled” to a database
`scanner. (’494 Patent at claim 10.) The term “coupled” connotes hardware—a
`software module cannot be coupled to a hardware scanner. Additionally, Figure 2
`of the ’494 Patent shows a processor apart from a communications interface,
`which the specification states may contain communication devices, such as a
`transceiver. (Id. at Fig. 2, 8:49-54.) Finally, although the ’968 Patent does not
`mention a “receiver” in the specification, the claims state the receiver is part of
`the cache manager, which also includes other hardware components, such as a
`memory. (See ’968 Patent at claim 7, claim 1.) In short, the claims here appear to
`be directed to a hardware implementation where the “receiver” is a distinct
`component, not a software module.
`
`. . .
`
`As with “receiver,” the specification of the ’154 Patent consistently shows the
`“transmitter” as a hardware component separate from the processor. (See ’154
`Patent at Figs. 1, 2, 4.) Although the ’968 Patent does not mention a transmitter in
`the specification, claim 6 states that the transmitter is part of the cache manager,
`which Figure 1 shows as a hardware component on the proxy server that includes
`other hardware components. (’968 Patent at Fig. 1.).
`
`Markman Order at 27, 29. Finjan cannot maintain several of its contentions for the ’154,
`’494, and ’968 Patents because it has failed to identify structure or functionality
`pertaining to such required hardware elements.
`
`1.
`
`’154 Patent
`
`Claims 1 and 2 of the ’154 Patent require both a transmitter and a receiver. Claim 4,
`similarly, requires the steps of transmitting and receiver in the same manner as in Claims 1 and
`2. Finjan’s infringement contentions for these claims fail to identify the hardware elements
`required by the Markman Order, and must therefore be withdrawn.
`
`Finjan’s Contention No. 1 states that the Internet Gateway is the transmitter and receiver.
`However, as noted above, Finjan alleges only direct infringement for these claims but has not
`
`

`

`Case 4:18-cv-07229-YGR Document 158-7 Filed 01/23/21 Page 7 of 17
`
`Counsel for Finjan
`July 23, 2020
`Page 6
`
`pointed to any internet gateway that that Qualys makes, uses, sells, offers to sell, or imports
`within the meaning of Patent Law. See, e.g., Centillion Data Sys., LLC v. Qwest Commc'ns Int'l,
`Inc., 631 F.3d 1279, 1284 (Fed. Cir. 2011) (“We hold that to ‘use’ a system for purposes of
`infringement, a party must put the invention into service, i.e., control the system as a whole and
`obtain benefit from it.”); id. at 1288 (“Qwest manufactures only part of the claimed system. In
`order to ‘make’ the system under § 271(a), Qwest would need to combine all of the claim
`‘personal computer data processing means’ and installing the client software.”). By pointing
`only to third-party gateways, Finjan has not (and cannot) contend that Qualys direct infringes the
`claims under this theory of infringement.
`
`The remainder of Finjan’s contentions (nos. 2-8) for these claims are equally as flawed.
`Finjan alternatively alleges that Qualys’s cloud-based Software-as-a-Service products are the
`claimed transmitter and receiver. But, being pure software, these products cannot be either the
`receiver or the transmitter under the Court’s claim construction. See, e.g., Markman Order at 29
`(“As with ‘receiver,’ the specification of the ’154 Patent consistently shows the ‘transmitter’ as
`aa hardware component separate from the processor.”).
`
`Finjan cannot in good faith continue to assert any of its infringement theories for the ’154
`Patent. Please confirm that you will withdraw this patent.
`
`2.
`
`’494 Patent
`
`Claim 10 of the ’494 Patent requires a receiver. However, Finjan’s infringement
`contentions for this claim allege that “each of the Qualys Accused Products include a
`[respective] receiver.” Infringement Contentions, Appendix G, at 2-4. However, as noted
`above, each of the accused products (other than the Qualys Scanner Appliance) is a software
`product provided to customers via a cloud-based Software-as-a-Service. None of those products
`qualify as a “receiver.” Likewise, Finjan cannot alternatively point to third party hardware such
`as internet gateways or client devices, because it has alleged only direct infringement for this
`patent. See Infringement Contentions at 6-9. Finjan must, therefore withdraw its infringement
`allegations for Claim 10 of the ’494 Patent and its dependent claims.
`
`3.
`
`’968 Patent
`
`Claim 6 of the ’968 Patent requires a transmitter. However, Finjan’s Contention 1 of
`Claim 6 of the ’968 Patent alleges that that accused products contain the claimed “transmitter.”
`For the same reasons discussed above, Finjan must withdraw this contention from all accused
`software products.
`
`In light of the foregoing, Finjan must agree to withdraw all precluded claims along with
`any corresponding dependent claims.
`
`

`

`Case 4:18-cv-07229-YGR Document 158-7 Filed 01/23/21 Page 8 of 17
`
`Counsel for Finjan
`July 23, 2020
`Page 7
`
`II.
`
`Finjan Must Withdraw Non-Compliant Contentions.
`
`Finjan must also agree to withdraw those contentions that fail to comply with Patent L.R.
`3-1(c)’s requirement to provide “A chart identifying specifically where and how each limitation
`of each asserted claim is found within each Accused Instrumentality.”
`
`A.
`
`Claim Chart A:’844 Patent
`
`Finjan has accused the following products and services of directly infringing claims 1-9,
`11, 15-17, 21-23, 32, and 41-44 of the ’844 Patent (collectively, the “Asserted ’844 Claims”):
`Malware Detection (“MD”), Web Application Scanning (“WAS”), Web Application Firewall
`(“WAF”), Secure Seal (“SS”), Vulnerability Management (“VM”), Continuous Monitoring
`(“CM”), ThreatPROTECT (“TP”), Cloud Agent (“CA”) technology, the Knowledgebase, the
`Qualys research labs (“QRL”), and Qualys Scanner Appliance and Virtual Appliance
`(collectively, “the ’844 Accused Products”). However, Finjan has not provided a contention
`“identifying specifically where and how each limitation of each asserted claim is found within
`each Accused Instrumentality” as Patent L.R. 3-1(c) requires and in light of the Court’s
`Markman Order. Finjan must agree to immediately withdraw such deficient contentions.
`
`For several of the ’844 Accused Products, Finjan failed to provide a contention for each
`and every limitation. For example:
`
`• For Claim Elements 1c and 1d, Finjan fails to identify any contentions for the
`Knowledgebase, Qualys research labs, Qualys Scanner appliance, and/or Virtual
`Appliance.
`
`• For Claim 8, Finjan fails to provide contentions for any product other than Cloud Agent.
`
`• For Claim 9, Finjan fails to provide contentions for any product other than for WAF.
`
`• For Claim Elements 22b, 22c, and 23b, Finjan fails to provide contentions for any
`product other than WAF.
`
`• For Claim Element 23c, Finjan fails to provide contentions for any product other than
`WAF and Secure Seal.
`
`Finjan has also failed to identify accused structure and/or functionality for each and every
`limitation. For example:
`
`

`

`Case 4:18-cv-07229-YGR Document 158-7 Filed 01/23/21 Page 9 of 17
`
`Counsel for Finjan
`July 23, 2020
`Page 8
`
`• For Claims 1, 22, 23, and 42, Finjan fails to provide a contention identifying structure or
`functionality regarding whether and how the linking step occurs before a web server
`makes the downloadable available to web clients.
`
`• For Claims 4-7 and 21, Finjan fails to identify any structure or functionality that it
`contends perform the steps of these claims.
`
`• For Claim 11, Finjan states only that “the Qualys Accused Products practice the method
`of claim 1. See analysis for Claim 1c, above.” But, Claim 11 depends on Claim 1 and is
`therefore not coextensive in claim scope. Thus, Finjan has failed to provide any
`contention for this claim. It must, therefore, be withdrawn.
`
`• For Claim 15, Finjan fails to provide any contention for the limitation “a first content
`inspection engine for using the first rule set to generate a first Downloadable security
`profile that identifies suspicious code in a Downloadable, and for linking the first
`Downloadable security profile to the Downloadable before a web server makes the
`Downloadable available to web clients.”
`
`• For Claims 16 and 17, Finjan fails to provide a contention for the limitations “list of
`suspicious operations” or “list of suspicious code patterns.”
`
`• For Claim 22, Finjan fails to identify structures or functionality comparing a policy to a
`DSP.
`
`• For Claims 23, 32, and 42, Finjan’s contentions fail to identify any instrumentality
`performing the step of “determining whether to trust the downloadable security profile.”
`The contentions state only that when the DSP includes links to recommended solutions,
`the accused products can determine to trust the DSP. But there is no recitation of
`functionality actual making this trust determination. Additionally, for Claim Element
`32d, Finjan states without any support or elaboration that “this determination is made by
`an engine coupled to the file reader” but does not say what the engine is or where it is
`located for any accused product.
`
`• Also for Claim 32, Finjan fails to identify any structure or functionality for the limitation
`“a file reader coupled to the interceptor for determining whether the Downloadable
`includes a linked Downloadable security profile.” Finjan states only that DSPs can be
`linked to downloadable before being made available to clients, reciting Claim Elements
`1c and 1d. However, Claim 1 involves receiving a downloadable before linking it to a
`DSP, and does not recite a file reader or any functionality that determines if a
`
`

`

`Case 4:18-cv-07229-YGR Document 158-7 Filed 01/23/21 Page 10 of 17
`
`Counsel for Finjan
`July 23, 2020
`Page 9
`
`downloadable has already been linked to a DSP. Finjan provides no actual contention for
`this element and so must withdraw this claim.
`
`Finjan must withdraw its allegations where it either failed to provide a contention for
`each product or failed to do for each limitation of each asserted claim.
`
`B.
`
`Claim Chart B: the ’968 Patent
`
`Finjan has accused the following products and services of directly and/or indirectly
`infringing claims 1, 6-7, 9-11, 13-15, 23, 26, and 32-33 of the ’968 Patent (collectively, the
`“Asserted ’968 Claims”): Malware Detection (“MD”), Web Application Scanning (“WAS”),
`Web Application Firewall (“WAF”), Secure Seal (“SS”), Vulnerability Management (“VM”),
`Continuous Monitoring (“CM”), ThreatPROTECT (“TP”), Indication of Compromise (“IoC”),
`Policy Compliance (“PC”), Cloud Agent (“CA”) technology, the Knowledgebase, the Qualys
`research labs (“QRL”), and Qualys Scanner Appliance and Virtual Appliance (collectively, “the
`’968 Accused Products”). However, Finjan has not provided a contention “identifying
`specifically where and how each limitation of each asserted claim is found within each Accused
`Instrumentality” as Patent L.R. 3-1(c) requires and in light of the Court’s Markman Order.
`Finjan must agree to immediately withdraw such deficient contentions.
`
`For several of the accused products, Finjan fails to provide a contention for each
`limitation. For example:
`
`• For Claim Element 1b of the ’968 Patent, Finjan fails to provide a contention for the
`Knowledgebase, research labs, and/or the Scanner/Virtual appliances.
`
`• For Claims 10 and 11, Finjan provides a contention only for Malware Detection.
`
`• For Claim Element 13c, Finjan provides a contention only for Malware Detection
`combined with Policy Compliance.
`
`• For Claim Elements 13d and 23d, Finjan provides a contention only for Qualys’s
`Container Security product and makes no attempt to show any relationship between this
`product and any other accused product.
`
`• For Claim Elements 13e and 23e, Finjan provides a contention only for the WAF product.
`
`• For Claim Elements 13f and 23f, Finjan provides a contention only for the WAS product.
`
`• For Claim Elements 13g and 23g, Finjan provides a contention only for a product called
`“Qualys Free Scan,” and not any of the actual accused products in this case.
`
`

`

`Case 4:18-cv-07229-YGR Document 158-7 Filed 01/23/21 Page 11 of 17
`
`Counsel for Finjan
`July 23, 2020
`Page 10
`
`• For Claim Elements 26c, 32c, and 33c, Finjan provides a contention only for the
`combination of WAF + WAS.
`
`• For Claim Elements 26d, 32d, and 33d, Finjan refers only to WAS and WAF, but cites a
`screen shot from the manual of a different (unaccused) product, i.e. the Qualys Free Scan.
`
`• For Claim Element 26g and 32g, Finjan refers only to WAS.
`
`Finjan has also failed to identify accused structure and/or functionality for each and every
`limitation. For example:
`
`• For each of Finjan’s Contentions 1-10 for Claim Element 1b, Finjan fails to identify any
`structures or functionality in the corresponding accused products include a policy index
`whose entries indicate “cached content that is known to be allowable relative to a given
`policy, for each of a plurality of policies.”2
`
`• For Claims 26 and 32, Finjan fails to provide a contention for storing “an indication of
`the results of said determining whether the piece of digital content is allowable within
`the policy index.” Finjan also fails to identify any structure of functionality it contends
`satisfies the limitation “adding an entry in the policy index indicating the allowability or
`the non-allowability of the piece of digital content relative to the given user policy, based
`on the results of said determining.” Finjan contends only that “a corresponding entry in
`the policy index” is created “based at least in part on a policy determined for a user.”
`
`C.
`
`Claim Chart C: the ’731 Patent
`
`Finjan has accused the following products and services of directly and/or indirectly
`infringing claims 1, 2, 14, 15, and 17 of the ’731 Patent (collectively, the “Asserted ’731
`Claims”): Malware Detection (“MD”), Web Application Scanning (“WAS”), Web Application
`Firewall (“WAF”), Secure Seal (“SS”), Vulnerability Management (“VM”), Continuous
`Monitoring (“CM”), ThreatPROTECT (“TP”), Indication of Compromise (“IoC”), Policy
`Compliance (“PC”), Cloud Agent (“CA”) technology, the Knowledgebase, the Qualys research
`labs (“QRL”), and Qualys Scanner Appliance and Virtual Appliance (collectively, “the ’731
`Accused Products”). However, Finjan has not provided a contention “identifying specifically
`where and how each limitation of each asserted claim is found within each Accused
`
`2 Also, Finjan limits the scope of Contention 1 to the combination of Malware Detection + Policy Compliance by
`pointing solely to Policy Compliance for the limitation of the plurality of policies and policy index. See
`Infringement Contentions, Appendix B, at 3. Therefore, at a minimum, Finjan must limit Contention 1 to the
`combination of Malware Detection + Policy Compliance.
`
`

`

`Case 4:18-cv-07229-YGR Document 158-7 Filed 01/23/21 Page 12 of 17
`
`Counsel for Finjan
`July 23, 2020
`Page 11
`
`Instrumentality” as Patent L.R. 3-1(c) requires and in light of the Court’s Markman Order.
`Finjan must agree to immediately withdraw such deficient contentions.
`
`There are ’731 Accused Products for which Finjan did not provide contentions for each
`and every limitation. Finjan must withdraw its allegations for those products for which it failed
`to provide complete contentions. For example, the only products for which Finjan provides a
`contention on each element of Claim 1 of the ’731 Patent are Web Application Firewall (WAF)
`and Compliance Monitoring (CM). Finjan fails to provide contentions for every limitation of
`Claim 1 for Malware Detection (missing 1e), Web Application Scanning (missing 1e), Secure
`Seal (missing 1d and 1e), Vulnerability Management (missing 1e), Threat Protect (missing 1e),
`Indications of Compromise (missing 1e), Policy Compliance (missing 1b, 1c, and 1d), Cloud
`Agent (missing 1c and 1e), the Knowledgebase (missing all), Qualys Research Labs (missing
`all), and/or the Scanner Appliance and Virtual Appliance (missing 1b, 1d, and 1e). Also, for the
`limitation “is indexed by a file identifier,” Finjan provides a contention only for Indications of
`Compromise. See Appendix C at 29 (citing https://vimeo.com/289582255, a training video on
`IoC). Likewise, for Claim 2 of the ’731 Patent, Finjan provides no contentions for any accused
`product other than Indications of Compromise. See Appendix C at 62 (citing
`https://vimeo.com/289582255, a training video on IoC). For Claim 14, Finjan fails to provide a
`complete contention for any ’731 Accused Product because it fails to provide a contention as to
`the claimed “network gateway” in any of Finjan’s products. Finjan also fails to provide
`contentions for each ’731 Accused Product for other elements, such as WAF (missing 14b),
`Continuous monitoring (missing 14c-14f), ThreatProtect (missing 14c, 14e, and 14f), Policy
`Compliance (missing all), Cloud Agent (missing 14d-14f), the Knowledgebase (missing all),
`Qualys Research Labs (missing all), and and/or the Scanner Appliance and Virtual Appliance
`(missing all). Also, for the limitations “file identifier” and “security profile,” Finjan provides a
`contention only for IoC. See Appendix C at 100 (citing https://vimeo.com/289582255, a training
`video on IoC); id. at 110 (citing https://vimeo.com/289582255, a training video on IoC). Finjan
`similarly limits its contentions for Claim 15 solely to IoC. See id. at 120 (citing same IoC
`training video). Also, Finjan’s contentions for Claim 17 merely refer to Claim 14 by reference
`and are inadequate for the same reasons.
`
`Finjan has also failed to identify accused structure and/or functionality for each and every
`limitation. For example:
`
`•
`
`In Claim 1, Finjan fails to provide a contention for the limitation “security profile
`comprises a list of computer commands that a corresponding one of the incoming files is
`programmed to perform.” Finjan either fails to point to structure or functionality for
`deriving a security profile that has a list of computer commands, or it identifies an
`abstract list of computer commands without contending that such commands are
`performed within one of the incoming files. See, e.g., Appendix C at 4-5 (no
`
`

`

`Case 4:18-cv-07229-YGR Document 158-7 Filed 01/23/21 Page 13 of 17
`
`Counsel for Finjan
`July 23, 2020
`Page 12
`
`identification of commands performed by incoming file); 7 (identifying only “potential
`threats” and not lists of commands); see also id. at 8-19.
`
`• Also in Claim 1, Finjan fails to provide any contention that any of the accused products
`include a file cache that stores previously-scanned files for future access. Finjan’s
`contentions point to alleged ability of the ’731 Accused Products to store “scan data” and
`reports about scans – but fails to identify any structure or functionality in any product for
`storing a previously-scanned file for future access.
`
`• For Claims 14 and 17, Finjan fails to identify structure or functionality for retrieving files
`that have been requested. While Finjan contends that the ’731 Accused Products can
`retrieve files from the Internet, it does not identify a contention showing how such files
`were first requested. See, e.g., Appendix C at 66-75. Finjan also fails to identify, where
`each ’731 Accused Product determines computer commands that a retrieved file is
`programmed to perform. See, e.g., id. at 79 (identifying only “security events”), 81
`(identifies a file but no commands), 82 (refers to identifying malware, not determining
`computer commands), 83-87.
`
`• Also for Claim 14, Finjan fails to identify any structure within any network gateway that
`it contends satisfies the limitations “a file cache of the network gateway” and/or “a
`security profile cache of the network gateway.” While Finjan states a contention that file
`and security profile caches exist within the ’731 Accused Products, it does not identify
`any structures or limitations within a network gateway itself. See, e.g., id. at 98-108.
`
`D.
`
`Claim Chart D: the ’305 Patent
`
`Finjan has accused the following products and services of directly and/or indirectly
`infringing claims 6-12, 14, and 17-25 of the ’305 Patent (collectively, the “Asserted ’305
`Claims”): Malware Detection (“MD”), Web Application Scanning (“WAS”), Web Application
`Firewall (“WAF”), Secure Seal (“SS”), Vulnerability Management (“VM”), Continuous
`Monitoring (“CM”), ThreatPROTECT (“TP”), Indication of Compromise (“IoC”), Policy
`Compliance (“PC”), Cloud Agent (“CA”) technology, the Knowledgebase, the Qualys research
`labs (“QRL”), and Qualys Scanner Appliance and Virtual Appliance (collectively, “the ’305
`Accused Products”). However, Finjan has not provided a contention “identifying specifically
`where and how each limitation of each asserted claim is found within each Accused
`Instrumentality” as Patent L.R. 3-1(c) requires. Finjan must agree to immediately withdraw such
`deficient contentions.
`
`Finjan did not provide a complete contention for any single ’305 Accused Product, and it
`must withdraw this patent. For each, for example, Finjan identified various accused products but
`
`

`

`Case 4:18-cv-07229-YGR Document 158-7 Filed 01/23/21 Page 14 of 17
`
`Counsel for Finjan
`July 23, 2020
`Page 13
`
`for only a subset of the limitations. For Claim 1, Finjan did not provide a complete contention
`for MD (missing all but 1c); WAS (missing 1b, 1e, and 1f); WAF (missing 1b, 1c, and 1e); SS
`(missing all but 1c); VM (missing all but 1c); CM (missing all); TP (missing all); IOC (missing
`all but 1c); PC (missing all), Ca (missing all but 1c); Knowledgebase (missing all but 1b);
`Qualys Research Labs (missing all); and the Scanner Appliance and Virtual Scanner (missing all
`but 1b). Finjan incorporated all of Claim 25 by reference to Claim 1, so Claim 25 is deficient for
`the same reasons. For Claims 6-12 and 18-24, Finjan identified only the Knowledgebase.
`Finally, for Claim 14, Finjan identified only WAF. Finjan must withdraw its allegations against
`products for which it provided only a partial contention.
`
`Finjan has also failed to identify accused structure and/or functionality for each and every
`limitation. For example:
`
`• For Claim 1, Finjan fails to identify any structure or functionality that matches the
`limitation “a rule-based content scanner that communicates with saw database of parser
`and analyzer rules, operatively coupled with said network interface, for scanning
`incoming content received by said network interface to recognize the presence of
`potential computer exploits therewithin.” Instead, Finjan provides four “contentions,”
`each of which simply incorporate by reference its contentions from the prior element:
`
`Appendix D at 21. The two elements are not synonymous, however, and Finjan offers no
`actual contention for this limitation. It must, therefore, withdraw its allegations regarding
`Claim 1 and the asserted claims that depend on it. Likewise, Finjan’s contentions for
`Claims 13 and 25 similarly incorporate Claim 1 by reference, so it must also withdraw
`those claims and their dependent claims.
`
`• Also for Claim 1, Fi