Case 4:18-cv-07229-YGR Document 188 Filed 04/05/21 Page 1 of 10
`
`
`
`UNITED STATES DISTRICT COURT
`NORTHERN DISTRICT OF CALIFORNIA
`
`FINJAN, INC.,
`Plaintiff,
`
`vs.
`
`QUALYS INC.,
`Defendant.
`
`CASE NO. 4:18-cv-07229-YGR
`
`
`ORDER GRANTING IN PART AND DENYING
`IN PART DEFENDANT’S MOTION TO STRIKE
`Re: Dkt. No. 156, 157, 158, 163
`
`
`
`
`
`
`
`
`
`
`
`Plaintiff Finjan, Inc. (“Finjan”) brings this patent infringement action against defendant
`Qualys Inc. (“Qualys”) for direct and indirect infringement of its patents. Now before the Court is
`Qualys’ motion strike certain portions of Finjan’s infringement and damages expert reports. (Dkt.
`No. 158 (“Mot.”).) Qualys contends that Finjan’s expert, Dr. Nenad Medvidovic, introduced six
`new theories in his report that were not disclosed in Finjan’s infringement contentions. Having
`carefully considered the pleadings and the papers submitted,1 the Court GRANTS IN PART and
`DENIES IN PART Qualys’ motion to strike.
`
`I.
`
`BACKGROUND
`Finjan accuses Qualys of infringing several patents, including U.S. Patent No. 8,225,408
`(the “’408 Patent”). The ’408 Patent broadly relates to scanning content for “exploits” (security
`vulnerabilities). (See ’408 Patent at 1:59-64.) It does so using a scanner that is specific to each
`programming language and that includes rules to dynamically break down incoming content into
`“tokens” and analyze patterns in those tokens. (See id. at 1:65-2:19.) Claim 1 recites:
`
`1. A computer processor-based multi-lingual method for scanning incoming program code,
`comprising:
`
`
`1 The Court finds the motion appropriate for resolution without oral argument and the
`matter is deemed submitted.
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`Northern District of California
`United States District Court
`
`

`

`Case 4:18-cv-07229-YGR Document 188 Filed 04/05/21 Page 2 of 10
`
`
`
`
`
`
`
`
`
`
`
`
`
`receiving, by a computer, an incoming stream of program code;
`
`determining, by the computer, any specific one of a plurality of programming
`languages in which the incoming stream is written;
`
`instantiating, by the computer, a scanner for the specific programming language,
`in response to said determining, the scanner comprising parser rules and analyzer
`rules for the specific programming language, wherein the parser rules define certain
`patterns in terms of tokens, tokens being lexical constructs for the specific
`programming language, and wherein the analyzer rules identify certain
`combinations of tokens and patterns as being indicators of potential exploits,
`exploits being portions of program code that are malicious;
`
`identifying, by the computer, individual tokens within the incoming stream;
`
`dynamically building, by the computer while said receiving receives the incoming
`stream, a parse tree whose nodes represent tokens and patterns in accordance with
`the parser rules;
`
`dynamically detecting, by the computer while said dynamically building builds the
`parse tree, combinations of nodes in the parse tree which are indicators of potential
`exploits, based on the analyzer rules; and
`
`indicating, by the computer, the presence of potential exploits within the incoming
`stream, based on said dynamically detecting.
`
`Finjan accuses the Qualys Cloud Platform, which comprises several interrelated products.
`
`(Dkt. No. 1 (“Complaint”) ¶ 35; see Dkt. No. 164-3 (“Medvidovic Report”) ¶ 94.) Finjan served
`its infringement contentions on April 19, 2019, describing generally how “each of the Accused
`Products” meets the claim limitations. (Dkt. No. 158-6 (“Contentions”) at 2-18.) Fact discovery
`closed on October 1, 2020, and the parties served their opening expert reports six weeks after that.
`(Dkt. Nos. 39, 78.) Dr. Medvidovic and Dr. Eric Cole opined on infringement on behalf of Finjan.
`(Medvidovic Report; Dkt. No. 158-3 (“Cole Report”).) Dr. DeForest McDuff opined on damages.
`(Dkt. No. 158-4 (“McDuff Report”).)
`
`II.
`
`LEGAL STANDARD
`The Patent Local Rules “require parties to crystallize their theories of the case early in the
`litigation and to adhere to those theories once they have been disclosed.” Simpson Strong-Tie Co.,
`Inc. v. Oz-Post Int’l, LLC, 411 F. Supp. 3d 975, 980-81 (N.D. Cal. 2019) (citation omitted).
`Specifically, Patent Local Rule 3-1 requires a party asserting patent infringement to disclose each
`2
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`Northern District of California
`United States District Court
`
`

`

`Case 4:18-cv-07229-YGR Document 188 Filed 04/05/21 Page 3 of 10
`
`
`
`“Accused Instrumentality” separately for each asserted claim, together with a chart “identifying
`specifically where and how each limitation of each asserted claim is found within each Accused
`Instrumentality.” Patent L.R. 3-1(b). Once these disclosures are made, they can only be amended
`by Court order upon a showing of good cause. Patent L.R. 3-6.
`The purpose of these rules is to “provide structure to discovery and to enable the parties to
`move efficiently toward claim construction and the eventual resolution of their dispute.” Huawei
`Techs., Co., Ltd v. Samsung Elecs. Co, Ltd., 340 F. Supp. 3d 934, 945 (N.D. Cal.2018) (citation
`omitted). As such, “a party may not use an expert report to introduce new infringement theories,
`new infringing instrumentalities, new invalidity theories, or new prior art references not disclosed
`in the parties’ infringement contentions or invalidity contentions.” Looksmart Group, Inc. v.
`Microsoft Corp., 386 F. Supp. 3d 1222, 1227 (N.D. Cal. 2019) (citation omitted). Undisclosed
`theories “are barred . . . from presentation at trial (whether through expert opinion testimony or
`otherwise).” MediaTek Inc. v. Freescale Semiconductor, Inc., No. 11-CV-5341-YGR, 2014 WL
`690161, at *1 (N.D. Cal. Feb. 21, 2014).
`A theory, however, is not the same as proof of that theory. Parties “need not ‘prove up’”
`their case in contentions, and a patentee need only “provide reasonable notice to defendant why
`[it] believes it has a reasonable chance of proving infringement.” Finjan, Inc. v. Blue Coat Sys.,
`Inc., No. 13-cv-03999-BLF, 2015 WL 3640694, at *2 (N.D. Cal. June 11, 2015) (citations and
`quotation marks omitted). Courts thus distinguish “identification of the precise element of any
`accused product alleged to practice a particular claim limitation” and “every evidentiary item of
`proof showing that the accused element did in fact practice the limitation.” Genetech, Inc. v. Tr. of
`Univ. of Penn., No. C 10-2037 LHK (PSG), 2012 WL 424985, at *1 (N.D. Cal. Feb. 9, 2012)
`(citation and internal quotation marks omitted) (emphasis in original). In deciding whether to
`strike expert testimony, the dispositive question is whether “the expert permissibly specified the
`application of a disclosed theory” or “impermissibly substituted a new theory altogether.” Digital
`Reg of Tex., LLC v. Adobe Sys. Inc., No. CV 12-01971-CW (KAW), 2014 WL 1653131, at *2
`(N.D. Cal. Apr. 24, 2014) (citation omitted).
`
`3
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`Northern District of California
`United States District Court
`
`

`

`Case 4:18-cv-07229-YGR Document 188 Filed 04/05/21 Page 4 of 10
`
`
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`III. ANALYSIS
`Finjan moves to strike six “theories” in Dr. Medvidovic’s report, including purportedly
`new theories related to (1) the Cloud Agent, (2) dynamically building a parse tree and detecting
`exploits, (3) receiving content, (4) date of first infringement, (5) doctrine of equivalents, and (6)
`foreign sales.2 The Court addresses each.
`
`A.
`Cloud Agents
`Qualys first moves to strike Finjan’s Cloud Agent theories. According to Dr. Medvidovic,
`the accused Qualys Cloud Platform collects data through either a scanner—a physical or virtual
`appliance deployed on a network—or a Cloud Agent, which is an application that resides on the
`endpoint itself (e.g., on a laptop). (Medvidovic Report ¶¶ 96-100.) Dr. Medvidovic opines that
`both methods satisfy the limitations of “scanning incoming code” and “receiving, by a computer,
`an incoming stream of program code.” (Id. ¶¶ 183, 185, 187 & n.6, 195-96.)
`In addition, Dr. Medvidovic opines that the Cloud Agent provides alternatives methods for
`performing other steps, including determining a programming language (¶ 214), applying analyzer
`rules (¶¶ 235-38), identifying individual tokens (¶ 258), dynamically building a parse tree (¶¶ 287-
`89), dynamically detecting exploits (¶¶ 303-09), and indicating the presence of the exploit (¶¶ 325,
`327). These opinions are incorporated into Dr. Medvidovic’s damages analysis, in so far as it does
`not change where cloud agents in place of scanners are used. (Id. ¶ 446.)
`Finjan’s infringement contentions did not identify the Cloud Agent for any limitation.
`With respect to the “receiving” limitation, Finjan’s contentions disclosed that “[e]ach of the
`Accused Products” receives incoming content in two ways: first, when executed “on a node that is
`part of the Qualys Cloud computing environment,” and second, when residing on “Appliance
`Scanners” dispersed as “endpoints throughout the computer network.” (Contentions at 2, 3-4.)
`Qualys correctly points out that this does not specifically disclose a Cloud Agent. However, it
`also does not specifically disclose a scanner (which does not reside at the endpoints). Instead, the
`
`
`2 Following the filing of the motion, the parties stipulated to dismiss claim 29 of the ’408
`Patent. (Dkt. No. 185.) The Court therefore denies the motion to strike paragraphs 415-19 and
`427-30 as moot.
`
`
`4
`
`Northern District of California
`United States District Court
`
`

`

`Case 4:18-cv-07229-YGR Document 188 Filed 04/05/21 Page 5 of 10
`
`
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`contentions appear to generically disclose that the accused product may reside on either the node
`or the endpoint when receiving data.
`While these contentions could have been more specific, the Court finds that Finjan
`sufficiently disclosed its overall theory for this limitation. Finjan specifically identified the Cloud
`Agent as an accused product in its initial disclosures (see Dkt. No. 164-4 at 4), and thus disclosed
`the possibility of receiving content with a Cloud Agent at an endpoint. A comparison with other
`contentions shows that Finjan performed a similar analysis for other patents, but then specifically
`listed a “scanner” for each individual product as performing the claimed functions. (See Dkt. No.
`100-11 at 180, 193 (showing the products at a node and endpoints), 189 (a “scanner for Cloud
`Agent”).) The difference in specificity between these contentions appears to stem from the claim
`language: claim 1 requires receiving content “by a computer,” and Dr. Medvidovic opines that the
`computer is a “scanner engine,” “WAS scanner,” or “Qualys Cloud Platform working with a
`Cloud Agent”—not the Cloud Agent itself. (See Medvidovic Report ¶ 185.) As such, Finjan did
`not introduce a new theory by failing to specify that the Cloud Agent collects the data before the
`“computer” associated with the Cloud Agent receives it.3
`With respect to the other limitations, the difference between the contentions and the report
`appear to be largely superficial. For instance, Dr. Medvidovic opines that both a scanner engine
`and a server associated with a Cloud Agent search for exploits. (Id. ¶¶ 229-37; see also id. ¶¶ 257-
`58 .) Finjan’s contentions broadly disclosed this theory. (See Contentions at 13-14.) Indeed,
`some of the opinions that Qualys seeks to strike apparently conflate Cloud Agent and network
`scanner functionality. (See, e.g., Medvidovic Report ¶¶ 325-27 (explaining that a Cloud Agent
`provides “an internal view” while the scanner provides an “external view”).) Qualys therefore has
`not shown that these are substantively new theories, as opposed to alternative ways of performing
`the same accused functionality disclosed in contentions. Dr. Medvidovic’s opinions are therefore
`properly considered an application of a theory, rather than a new theory itself.
`
`
`3 Qualys agrees that the Cloud Agent does not itself scan data, which means that the
`“computer” that performs these functions must be the Cloud Platform server associated with the
`Cloud Agent. (Dkt. No. 157 at 3.)
`
`
`5
`
`Northern District of California
`United States District Court
`
`

`

`Case 4:18-cv-07229-YGR Document 188 Filed 04/05/21 Page 6 of 10
`
`
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`Accordingly, the Court denies Qualys’ motion to strike the “Cloud Agent” theories.
`
`B.
`Dynamic Building and Detection
`Qualys next argues that Dr. Medvidovic introduces new theories for “dynamic” exploit
`detection, while also accusing new components. Claim 1 requires “dynamically building . . . a
`parse tree” and then “dynamically detecting . . . indicators of potential exploits.”4 (’408 Patent at
`claim 1.) In its contentions, Finjan disclosed that the accused products meet this limitation by
`building XML parse trees “[d]uring the scans.” (Contentions at 15.) While Finjan pointed to
`specific code for the tree building, it did not explain its basis for the contention that this process
`happened during the scan.
`In his report, Dr. Medvidovic opines on the same XML tree theory, and further claims that
`the trees are built “immediately and while data is being received,” pointing to (1) deposition
`testimony, (2) the use of parallelization, (3) evidence that the Qualys backend receives and
`presents “partial results,” and (4) documents describing “real-time” collection. (Medvidovic
`Report ¶¶ 262, 282-86, 290, 298-99, 302-20.) Of these, only parallelization presents an arguably
`new theory; the rest is simply additional evidence that tree building and exploit detection occur
`“during” the scan. Finjan was not obligated to disclose every bit of proof that it intends to rely on
`in its contentions, and Qualys has not shown these to be new theories. See Finjan, Inc. v. Check
`Point Software Techs., Inc., No. 18-cv-02621-WHO, 2019 WL 955000, at *3 (Feb. 27, 2019).
`Qualys separately argues that Finjan accuses new components for the parse tree building in
`the Medvidovic Report by discussing a “Unified Dashboard” that uses “Qualys Query Language”
`that parses queries using a parse tree (Medvidovic Report ¶¶ 267-74) and “Mandate Based
`Reporting” that “use[s] a tree structure.” (Id. ¶¶ 291-92.) Although Finjan claims that these
`features are used by the “QWeb” disclosed in contentions, the theories are new on their face. (See
`id. ¶¶ 266-74 (expressly discussing the Unified Dashboard as separate from the XML parse trees
`discussed above), 291 (expressly discussing “another example” of Mandate Based Reporting as a
`
`
`4 The parties disagree on the construction of these terms. Such claim construction disputes
`are not properly resolved on a motion to strike, and the Court here considers only whether Finjan
`adhered to its previously disclosed theories.
`
`
`6
`
`Northern District of California
`United States District Court
`
`

`

`Case 4:18-cv-07229-YGR Document 188 Filed 04/05/21 Page 7 of 10
`
`
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`separate feature). However, the Court cannot determine that the additional evidence related to
`XML trees constitutes a new theory. (Id. ¶¶ 276-81, 287-89, 293-300, 316-320, 303-05, 306-09.)
`Accordingly, the Court strikes the Unified Dashboard and Mandate Based Reporting
`theories only. (Id. ¶¶ 267-74, 291-92.)
`
`C.
`Receiving
`Next, Qualys seeks to strike Dr. Medvidovic’s opinions regarding “Vulnerability Features”
`that practice the limitation of “receiving, by a computer, an incoming stream of program code.”
`Finjan’s contentions state that the accused products receive content “based on a client device
`requesting the content from a source computer, such as the Internet” and “when a particular client
`device requests content provided by a source computer.” (Contentions at 2-4.) Dr. Medvidovic,
`however, opines that the accused “Vulnerability Features” perform their network scans to detect
`vulnerabilities and policy compliance regardless of content requests and may receive data from
`client devices on the same network. (See Medvidovic Report ¶¶ 184-97.)
`The Court has reviewed these portions of the report and cannot determine that they present
`a new theory. In particular, the Court cannot determine that the features described by Dr.
`Medvidovic do not involve a client device requesting content from any source computer. That the
`data is not directly received from the Internet does not appear to be dispositive. Nor is the use of
`internal networks, as opposed to the Internet specifically. Accordingly, the Court denies Qualys’
`motion to strike these theories, without prejudice to renewal should Qualys demonstrate that
`vulnerability scanning is not “based” on requests for content by the client device.5
`
`D.
`Date of First Infringement
`Qualys seeks to preclude Dr. Medvidovic from testifying that infringement occurred “no
`earlier than 2005” (implying that infringement could have occurred in 2005 or later). (Medvidovic
`Report ¶ 21.) In its contentions, Finjan listed November 29, 2018 as the theoretical date of first
`infringement. (Dkt. No. 100-1 at 11.) This is plainly a new theory and is struck. Finjan’s claim
`
`
`5 The parties further dispute the location of the disclosed “receiver,” the use of multiple
`components together, the distinction between the Internet and other “networks,” and Cloud
`Agents. These additional disputes obscure Qualys’ main point.
`7
`
`Northern District of California
`United States District Court
`
`

`

`Case 4:18-cv-07229-YGR Document 188 Filed 04/05/21 Page 8 of 10
`
`
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`that Dr. Medvidovic’s opinion is not about the date of first infringement is disingenuous—the
`heading in the report states “Date of First Infringement.” (See Medvidovic Report § IV.A.)
`However, the Court sees no basis to strike the opinions about current functionality of Qualys
`products, which are not related to dates of infringement. (Id. ¶¶ 262, 277-83.)
`Accordingly, the Court strikes paragraphs 21 and 22 only.
`
`E.
`Doctrine of Equivalents
`Qualys next moves Dr. Medvidovic’s doctrine of equivalents theory for the limitation
`regarding a programming-language specific scanner containing parser rules for the language
`(limitation 1d). (Medvidovic Report ¶¶ 250-53.) Dr. Medvidovic opines that the Qualys Cloud
`Platform performs the same function, in the same way, and with the same results (the “function-
`way-result” test) through software components that take the place of a physical scanner. (Id.) In
`its contentions, Finjan disclosed this exact theory. (See Contentions at 13 (referring to software
`components).) Although Qualys claims these contentions to be “vague,” they are only a little less
`detailed than Dr. Medvidovic’s ultimate opinions.
`Accordingly, the Court denies Qualys’ request to strike the doctrine of equivalents theory.
`
`F.
`Foreign Sales
`Qualys last moves Finjan’s experts’ opinions related to foreign sales, including paragraphs
`172-74 of the Medvidovic Report; paragraphs 1186, 1188-89, and 1871-73 of the Cole Report;
`and paragraphs 8c, 13, 78, 87, 126, Tables 7 and 8, and Attachments B-1, B-2, B-4, B-5, B-6, B-8,
`C-2, and J-1 of the McDuff Report.
`The issue of foreign sales has already been decided: Magistrate Judge Hixson denied
`Finjan’s motion to compel discovery into Qualys’ foreign sales as unsupported by its infringement
`claims, and this Court agreed. (See Dkt. Nos. 105, 152.) As explained by Judge Hixson, “no
`infringement occurs when a patented product is made and sold in another country.” (Dkt. No. 105
`at 1.) This is true for both system and computer-readable medium claims. (Dkt. No. 152 at 2.)
`Finjan’s infringement theories, as stated in its contentions, did not show infringement for products
`sold abroad, so as to make such sales relevant to any claim.
`Finjan now argues that these decisions “did not remove the subject of ‘foreign sales’ from
`8
`
`Northern District of California
`United States District Court
`
`

`

`Case 4:18-cv-07229-YGR Document 188 Filed 04/05/21 Page 9 of 10
`
`
`
`the scope of trial” because the orders were based on theories of “mere development” of the
`accused products in the United States. This claim is baffling. The orders were based on
`infringement theories disclosed in Finjan’s infringement contentions. To the extent that Finjan
`now relies on a different theory, it was not disclosed in contentions. To the extent that it relies on
`the old theory, foreign sales are not relevant.
`Finjan’s experts appear to opine that foreign sales are relevant because non-U.S. customers
`“benefit” from Qualys’ U.S.-based infringement. Dr. Medvidovic and Dr. Cole opine that U.S.
`activities contribute to the “Knowledge Base” of security issues, which increases the value of
`Qualys’ products abroad. (Medvidovic Report ¶ 173; Cole Report ¶ 1188.) They also opine that
`foreign customers benefit from the research and development that takes place in the United States.
`(Medvidovic report ¶ 174; Cole Report ¶ 1189.) As explained in the prior orders, however, Finjan
`has not shown that these activities constitute infringement, so as to permit considering foreign
`sales in damages calculations—and, indeed, the Court previously rejected the U.S. development
`argument. (Dkt. No. 152.) Accordingly, these opinions, together with Dr. McDuff’s opinions that
`consider global sales in a reasonable royalty analysis, are struck.
`
`IV. CONCLUSION
`For the foregoing reasons, the Court STRIKES Dr. Medvidovic’s date of first infringement
`(¶¶ 21, 22), Unified Dashboard (¶¶ 267-74), and Mandate Based Reporting (¶¶ 291-92) theories.
`The Court further strikes Finjan’s experts’ theories related to foreign sales, including:
` Paragraphs 172-74 of the Medvidovic Report;
` Paragraphs 1186, 1188-89, and 1871-73 of the Cole Report; and
` Paragraphs 8c, 13, 78, 87, 126; Tables 7 and 8; and Attachments B-1, B-2, B-4, B-
`5, B-6, B-8, C-2, and J-1 of the McDuff Report (global sales only).
`The remainder of Qualys’ motion to strike is DENIED.6
`
`
`6 The parties’ administrative motions to seal are GRANTED to the extent indicated in the
`supporting declarations only. (Dkt. Nos. 156, 157, 163; see Dkt. Nos. 156-1, 157-1, 161, 165,
`166-67.) The sealed portions contain confidential licensing and financial information, as well as
`some technical information. The parties shall file unredacted versions of the exhibits for which
`good cause has not been shown (e.g., exhibits F and G of the opposition) within seven days.
`9
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`Northern District of California
`United States District Court
`
`

`

`Case 4:18-cv-07229-YGR Document 188 Filed 04/05/21 Page 10 of 10
`
`
`
`IT IS SO ORDERED.
`
`Dated: April 5, 2021
`
`
`
`
`
`
`
`
`
`YVONNE GONZALEZ ROGERS
`UNITED STATES DISTRICT COURT JUDGE
`
`
`
`10
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`Northern District of California
`United States District Court
`
`