`
`RYAN R. SMITH (SBN 229323)
`rsmith@wsgr.com
`CHRISTOPHER D. MAYS (SBN 266510)
`cmays@wsgr.com
`WILSON SONSINI GOODRICH &
`ROSATI
`Professional Corporation
`650 Page Mill Road
`Palo Alto, CA 94304-1050
`Telephone: (650) 493-9300
`Facsimile: (650) 493-6811
`
`EDWARD G. POPLAWSKI (SBN 113590)
`epoplawski@wsgr.com
`OLIVIA M. KIM (SBN 228382)
`okim@wsgr.com
`TALIN GORDNIA (SBN 274213)
`tgordnia@wsgr.com
`STEPHANIE C. CHENG (SBN 319856)
`stephanie.cheng@wsgr.com
`WILSON SONSINI GOODRICH &
`ROSATI
`Professional Corporation
`633 West Fifth Street, Suite 1550
`Los Angeles, CA 90071
`Telephone: (323) 210-2900
`Facsimile: (866) 974-7329
`
`Attorneys for Defendant
`QUALYS INC.
`
`IN THE UNITED STATES DISTRICT COURT
`
`FOR THE NORTHERN DISTRICT OF CALIFORNIA
`
`OAKLAND DIVISION
`
`CASE NO.: 4:18-cv-07229-YGR (TSH)
`
`DEFENDANT QUALYS INC.’S
`RENEWED MOTION TO STRIKE
`PORTIONS OF PLAINTIFF FINJAN
`LLC’S INFRINGEMENT EXPERT
`REPORTS
`
`Judge: Hon. Yvonne Gonzalez
`Rogers
`Date: Tuesday, June 8, 2021
`Time: 2:00pm
`Location: Zoom Teleconference1
`
`))))))))))))))
`
`FINJAN LLC
`
`Plaintiff,
`
`v.
`
`QUALYS INC.,
`
`Defendant.
`
`1 Per the Court’s Notice regarding Civil Law and Motion Calendars and its Order at D.I. 48.
`
`CASE NO. 4:18-cv-07229-YGR
`
`QUALYS RENEWED MOTION TO STRIKE
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`
`
`Case 4:18-cv-07229-YGR Document 194 Filed 05/04/21 Page 2 of 8
`
`NOTICE OF MOTION AND MOTION
`PLEASE TAKE NOTICE that on Tuesday, June 8, 2021 at 2:00pm or as soon thereafter
`as this matter may be heard before Judge Gonzalez Rogers of the United States District Court for
`the Northern District of California via Zoom video conference and/or in Courtroom 1, 4th Floor,
`of 1301 Clay Street in Oakland, California (per the Court’s March 12, 2020 Order (D.I. 48) and its
`Notice regarding Civil Law and Motion Calendars), defendant Qualys Inc. (“Qualys”) will and
`hereby does renew its motion to strike portions of plaintiff Finjan LLC’s (“Finjan”) expert report
`of Dr. Nenad Medvidovic.
`STATEMENT OF ISSUES AND RELIEF REQUESTED
`Qualys seeks an order striking portions of the “Expert Report of Nenad Medvidovic, Ph.D.”
`(“Medvidovic Report”) Medvidovic’s expert report proffers a theory for the ’408 Patent’s
`“receiving an incoming stream of program code” that is entirely different from the theory Finjan
`disclosed in its Local Patent Rule Contentions. This is Qualys’s second motion on this subject; on
`April 5, 2021, the Court issued an Order (D.I. 188) granting in part and denying in part Finjan’s
`motion. With respect to the issue of the “receiving” limitation, the Court denied Qualys’s motion
`“without prejudice to renewal should Qualys demonstrate that vulnerability scanning is not ‘based’
`on requests for content by the client device.” D.I. 188 at 7. Qualys now renews that part of its
`motion to make the showing requested by the Court.2
`Qualys therefore requests that the Court strike Paragraphs 184-185 (to the extent discussing
`the vulnerability scan theory of infringement) and 186-196 of the Medvidovic Report.3
`
`2 Qualys incorporates by reference the parties’ prior briefing on this issue. See D.I. 156-4 at
`12-13; D.I. 163-3 at 12-13; and D.I. 166 at 7-8.
`3 Citations to “Ex. XX” or “Exhibit XX” refer to the exhibits to the Declaration of Christopher D.
`Mays, filed concurrently with this Motion.
`
`CASE NO. 4:18-cv-07229-YGR
`
`i
`
`QUALYS RENEWED MOTION TO STRIKE
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`
`
`Case 4:18-cv-07229-YGR Document 194 Filed 05/04/21 Page 3 of 8
`
`I.
`
`MEMORANDUM OF POINTS AND AUTHORITIES
`INTRODUCTION
`In denying without prejudice Qualys’s first Motion to Strike Portions of Plaintiff Finjan
`LLC’s Infringement and Damages Expert Reports, D.I. 156-4 (“1st MTS”), the Court noted that
`Finjan’s infringement contentions disclosed a single theory for the ’408 Patent’s “receiving…”
`limitation. See D.I. 188 at 7. Namely, that receipt of an incoming stream of program code is based
`on a client device’s request for content. See id. Qualys now renews its motion to strike because
`the vulnerability scans accused in Dr. Medvidovic’s expert report are not based on client devices’
`requests for content.
`Finjan’s expert (Dr. Medvidovic) offers no opinion in his report that any vulnerability scan
`occurs based on any client device requesting content. Dr. Medvidovic’s report (and documents he
`cites) shows that vulnerability scans happen “constantly,” “continuously,” and “automatically.”
`Indeed, Dr. Medvidovic acknowledges that it is Qualys’s scanners (not client devices) that make
`content requests during a scan and that Qualys’s Cloud Agents (which are alternatives to a scanner
`for collecting scan data) collect and send data to the Qualys Cloud Platform for a vulnerability
`scan without ever being prompted to do so. Thus, there is no credible dispute that Medvidovic’s
`infringement theory has no relationship to any client device making a request for content.
`Accordingly, Qualys requests that its renewed Motion be granted.
`II.
`FACTUAL AND PROCEDURAL BACKGROUND
`For the sake of brevity, Qualys incorporates the factual and procedural background from
`its 1st MTS. See D.I. 156-4 at 2-4. The 1st MTS argued, inter alia, that Dr. Medvidovic offered
`a different theory of infringement for an element of the asserted claims of the ’408 Patent (namely,
`the “receiving . . . an incoming stream of program code” element)4 than was disclosed in Finjan’s
`April 19, 2019 Patent L.R. 3-1 infringement contentions. See id. at 12-13.
`On April 5, 2021, the Court issued an Order on Qualys’s 1st MTS. See D.I. 188. Regarding
`the Receiving limitation, the Court stated that it “cannot determine that the features described by
`
`4 Qualys will hereafter refer to this as the “Receiving” limitation.
`1
`
`CASE NO. 4:18-cv-07229-YGR
`
`QUALYS RENEWED MOTION TO STRIKE
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`
`
`Case 4:18-cv-07229-YGR Document 194 Filed 05/04/21 Page 4 of 8
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`Dr. Medvidovic do not involve a client device requesting content from any source computer.” Id.
`at 7. The Court denied the 1st MTS on this issue but granted leave to renew the motion “should
`Qualys demonstrate that vulnerability scanning is not ‘based’ on requests for content by the client
`device.” Qualys therefore renews that portion of its 1st MTS relating to the Receiving limitation
`to demonstrate, as discussed below, how Dr. Medvidovic’s opinions do not involve vulnerability
`scans “based” on requests for content by a client device.
`III.
`ARGUMENT
`A.
`Client Devices are End User Devices that Request Content.
`Dr. Medvidovic himself provided a “technology background” explaining the meaning of
`“client devices” and “content requests.” See Ex. 13 (“Medvidovic Report”) at ¶¶ 44-72.5 As he
`stated,
`
`When users want to communicate with a website, they may run an application
`program, such as Google Chrome, Safari or Internet Explorer on their
`computing devices, which could be a laptop, desktop, smartphone, tablet, or
`other device.
`Ex. 13 at ¶ 45. Dr. Medvidovic referred to a web browser as an example of a client (specifically,
`a “web client.”). See id. at ¶ 48; see also id. at ¶ 55 (referring to a “client computer” as the computer
`that “sends a request to a server computer to initiate a handshake procedure”). Dr. Medvidovic
`explained how a web client requests content by sending a “request” message to a server and
`thereafter receiving a “response” message containing that content. See id. at ¶¶ 45-48. He also
`explained that while other devices (such as gateways) may act as intermediaries that facilitate the
`sending and receiving of such messages/content, the client device remains the “endpoint of the
`communication” with the server. See id. at ¶ 49. Dr. Medvidovic’s discussion of “client devices”
`is consistent with the Court’s June 11, 2020 Claim Construction Order, which construed the term
`“web client” for U.S. Patent No. 6,154,844 (a related patent to the ’408 Patent) to mean “an
`application on the end-user’s computer that requests a downloadable from the web server.” See
`D.I. 74 at 20.
`
`5 Although Qualys previously included an excerpt from Dr. Medvidovic’s Report in its 1st
`MTS, that excerpt did not include certain pages discussed in this renewed Motion. Accordingly,
`Qualys submits a new excerpt of Dr. Medvidovic’s report with all relevant pages for the Court’s
`convenience.
`
`CASE NO. 4:18-cv-07229-YGR
`
`2
`
`QUALYS RENEWED MOTION TO STRIKE
`
`
`
`Case 4:18-cv-07229-YGR Document 194 Filed 05/04/21 Page 5 of 8
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`Thus, a “client device” refers to an application on some end-user’s device and a “content
`request” refers to a request by that client for some content on a network resource such as a server.
`But as shown below, vulnerability scanning in the accused products do not involve client devices
`making such content requests, nor does Dr. Medvidovic offer an opinion to the contrary.
`B.
`Dr. Medvidovic’s New Infringement Theories Do Not Involve Vulnerability
`Scanning Based on A Client Device’s Content Request.
`As articulated in its Infringement Contentions, Finjan’s theory requires that a “client
`device” request content from a source computer and then, based on that request, either the Qualys
`Cloud or the Appliance Scanners receives that content as part of an incoming stream of computer
`code before the content is eventually provided to the “client device.” See D.I. 158-6, Exhibit 5, at
`2-4; D.I. 188 at 7. However, Dr. Medvidovic offers no opinion that any of the accused products
`perform a vulnerability scan “based on” a client device’s request for content.
`Rather, his infringement theory is that vulnerability scans occur independently from client
`devices. As Dr. Medvidovic explains, Qualys’s products: “constantly collect[], assess[] and
`correlates asset and vulnerability information across customers’ cloud instances, on-premises
`systems and mobile endpoints…” Ex. 13 at ¶ 90 (citing Ex. 14, QUALYS00275578); see also id.
`at ¶ 116. Constant collection implies an automated operation, not scanning that occurs only based
`on a client content request. Indeed, Qualys’s documents describe how Qualys’s products gather
`data “automatically,” “continuously,” and (at least for Cloud Agents) without the need to
`“schedule” scans. Ex. 15, QUALYS00112182 at 112183; Ex. 14, QUALYS00275578 at 275585
`(“Our easy-to-deploy appliances and lightweight agents automatically beam up to the Qualys
`Cloud Platform the security and compliance data they’re constantly gathering from customers’ IT
`environments) and 275589 (Cloud Agents “work in real-time without the need to schedule scan
`windows”); Ex. 18 at 62:3-17. Thus, the product configurations Medvidovic accuses operate
`“automatically” and “continuously” to collect data, which is inconsistent with the original theory
`that scans are based on a client device’s content request.
`Further underscoring that Dr. Medvidovic offers no opinion that any vulnerability scanning
`occurs based on a client device’s request for content, his report shows that vulnerability scans are
`performed based on configurations – such as what devices to scan, which scanners to use for the
`
`CASE NO. 4:18-cv-07229-YGR
`
`3
`
`QUALYS RENEWED MOTION TO STRIKE
`
`
`
`Case 4:18-cv-07229-YGR Document 194 Filed 05/04/21 Page 6 of 8
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`scan, and how frequently to perform the scan. See Ex. 13 at ¶ 188 (quoting Qualys engineer
`testimony that “the scanner engine talks to a system in the customer’s network, whichever the
`customer designated to be scanned, and performs network transactions on it. It basically sends
`requests and receives responses back.”). This is likewise confirmed in documents describing the
`operation of the products. See Ex. 16, FINJAN-QUALYS 419612 at 419634-635 (describing how
`to initiate a vulnerability scan by choosing one or more scan targets (“IPs”) and one or more
`scanners) and 419640 (describing how to set frequency of scans); Ex. 18 at 62:3-17 (“you set up
`your scheduled scans in the UI. And then those scans happen periodically, depending on how you
`have set it up.”); Ex. 18 at 62:25-63:6 (“[Y]ou can go in and you can schedule scans. That’s what
`it does. And then depending on how you schedule the scans, those scans get triggered, and the
`scanner does the scanning fand sends the data back up to the platform.”).6
`The Medvidovic Report’s discussion of how the accused scanners and Cloud Agents
`operate further show that his infringement opinions are not based on a client device requesting
`content. For example, Dr. Medvidovic opines that for vulnerability scans using Qualys’s scanner
`engine (i.e., the software within the Scanner Appliance and Virtual Scanner that performs
`vulnerability scanning) the scanner itself—not a client device—makes the content requests. See
`Ex. 13 at ¶ 186 (stating that the scanner engine “performs various network transactions and collects
`data from responses to those transactions.”); id. at ¶ 188 (opining that the scanner engine collects
`data “by initiating a network transaction, and receiving a response to that transaction.”); id.
`(quoting Qualys engineer testimony that the scanner engine “sends requests and receives responses
`back.”); id. at ¶ 190 (describing a “CGI check” scan wherein the scanner engine “send[s] a request
`to a web service, waiting for a response, and interpreting that response.”).7
`Similarly, the Medvidovic Report shows that vulnerability scans involving a Cloud Agent
`are not based on a client device requesting content because a Cloud Agent is a piece of software
`
`6 Moreover, as discussed in more detail below, vulnerability scanning using Cloud Agents is
`fully automated and does not even require scheduling by a customer.
`7 Nor would the scanners themselves be properly considered a “client device” as that term is
`used in the Medvidovic Report, the industry, the Court’s Claim Construction Order, as discussed
`above.
`
`CASE NO. 4:18-cv-07229-YGR
`
`4
`
`QUALYS RENEWED MOTION TO STRIKE
`
`
`
`Case 4:18-cv-07229-YGR Document 194 Filed 05/04/21 Page 7 of 8
`
`installed on an end-user’s computer, but does not receive, send, or process requests for content.
`See id. at ¶¶ 98, 100, 112; Ex. 18 at 62:3-17. For example, as stated in the Medvidovic Report
`(and confirmed in Qualys’s technical documents and its engineers’ deposition testimony), a Cloud
`Agent simply monitors the files, software, and configuration data of the computer on which it is
`installed, and then sends metadata about what it sees to the Qualys’s Cloud Platform. See Ex. 13
`at ¶ 100, 112; see also Ex. 17, FINJAN-QUALYS 042509 at 042513 (cloud agents “continuously
`collect[] metadata); Ex. 15, QUALYS00112182 at 112183 (cloud agents collect information
`without needing to schedule scans); Ex. 18, Bachwani Dep. Tr. at 62:21-63:11 (“you don’t have
`to schedule the scans because the cloud agent is just collecting the data, sending it up). This
`uploading of metadata to the Cloud Platform occurs automatically whenever the Cloud Agent
`detects new or changed information (called “delta uploads”) to the Cloud Platform, and not based
`on any request a client device makes for content. See Ex. 17 FINJAN-QUALYS 042509 at 042525
`(“The first assessment scan in the cloud takes some time, after that scans complete as soon as new
`host metadata is uploaded to the platform . . . scans run instantly on the delta uploads (a few
`kilobytes each).”).
`Thus, regardless of whether the vulnerability scan uses a scanner or a Cloud Agent, Dr.
`Medvidovic abandoned the theory from Finjan’s infringement Contentions. He now improperly
`contends that Qualys infringes based on vulnerability scans occurring independent from a client
`device’s request .
`
`IV.
`
`CONCLUSION
`For the foregoing reasons, the Court should grant Qualys’s motion to strike the opinions of
`Dr. Nenad Medvidovic regarding the Receiving limitation for vulnerability scans (Paragraphs 184-
`185 (to the extent discussing vulnerability scans) and 186-196) as being a different theory from
`the one disclosed in Finjan’s infringement contentions.
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`CASE NO. 4:18-cv-07229-YGR
`
`5
`
`QUALYS RENEWED MOTION TO STRIKE
`
`
`
`Case 4:18-cv-07229-YGR Document 194 Filed 05/04/21 Page 8 of 8
`
`Respectfully submitted,
`
`WILSON SONSINI GOODRICH & ROSATI
`
`Dated: May 4, 2021
`
`By:
`
`/s/ Christopher D. Mays
`CHRISTOPHER D. MAYS
`
`Counsel for
`QUALYS INC.
`
`1
`2
`3
`4
`5
`6
`7
`8
`9
`10
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`26
`27
`28
`
`CASE NO. 4:18-cv-07229-YGR
`
`6
`
`QUALYS RENEWED MOTION TO STRIKE
`
`