Case 4:18-cv-07229-YGR Document 198 Filed 05/18/21 Page 1 of 10
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`Philip W. Goter (pro hac vice)
`goter@fr.com
`Robert P. Courtney (CA SBN 248392)
`courtney@fr.com
`FISH & RICHARDSON P.C.
`3200 RBC Plaza
`60 South 6th Street
`Minneapolis, MN 55402
`Phone: (612) 335-5070 /Fax: (612) 288-9696
`
`Proshanto Mukherji (pro hac vice)
`mukherji@fr.com
`FISH & RICHARDSON P.C.
`One Marina Park Drive
`Boston, MA 02210
`Phone: (617) 542-5070/ Fax (617) 542-8906
`
`Juanita R. Brooks (CA SBN 75934)
`brooks@fr.com
`Roger A. Denning (CA SBN 228998)
`denning@fr.com
`Jason W. Wolff (CA SBN 215819)
`wolff@fr.com
`Megan A. Chacon (CA SBN 304912)
`chacon@fr.com
`K. Nicole Williams (CA SBN 291900)
`nwilliams@fr.com
`FISH & RICHARDSON P.C.
`12860 El Camino Real, Suite 400
`San Diego, CA 92130
`Phone: (858) 678-5070 /Fax: (858) 678-5099
`
`Aamir A. Kazi (pro hac vice)
`kazi@fr.com
`Lawrence R. Jarvis (pro hac vice)
`jarvis@fr.com
`Fish and Richardson P.C.
`1180 Peachtree Street Ne 21st Floor
`Atlanta, GA 30309
`Phone: (404) 879-7238/ Fax: 404-892-5002
`
`Attorneys for Plaintiff
`FINJAN LLC
`
`UNITED STATES DISTRICT COURT
`
`NORTHERN DISTRICT OF CALIFORNIA
`
`(OAKLAND DIVISION)
`
`FINJAN LLC, a Delaware Limited Liability
`Company,
`
`Case No. 4:18-cv-07229-YGR (TSH)
`
`Plaintiff,
`
`v.
`
`QUALYS INC., a Delaware Corporation,
`
`Defendant.
`
`FINJAN LLC’S OPPOSITION TO
`QUALYS INC’S RENEWED MOTION TO
`STRIKE PORTIONS OF PLAINTIFF
`FINJAN LLC’S INFRINGEMENT
`EXPERT REPORTS
`
`[REDACTED VERSION OF DOCUMENT
`SOUGHT TO BE SEALED]
`
`June 8, 2021
`DATE:
`2:00 PM
`TIME:
`JUDGE: Hon. Yvonne Gonzalez Rogers
`PLACE:
`Zoom Teleconference
`
`FINJAN OPPO TO MOTION TO STRIKE
`Case No. 4:18-cv-07229-YGR (TSH)
`
`

`

`Case 4:18-cv-07229-YGR Document 198 Filed 05/18/21 Page 2 of 10
`
`TABLE OF CONTENTS
`
`Page
`
`I.
`
`Introduction ......................................................................................................................... 1
`
`II. Background ......................................................................................................................... 2
`
`III. Legal Standard ....................................................................................................................... 3
`
`IV. Argument............................................................................................................................. 3
`
`A. Qualys’s New Motion is Not a Renewal of its Prior Motion ............................................... 3
`
`B. Finjan’s Infringement Contentions Disclose Dr. Medvidovic’s Theory for the “Receiving”
`Limitation ......................................................................................................................... 4
`
`C. Qualys Cannot Show That Vulnerability Scanning is Not Based on Requests from a Client
`Device .............................................................................................................................. 4
`
`D. Qualys’s New Arguments Regarding Cloud Agents Should Be Rejected ............................ 7
`
`V. Conclusion ........................................................................................................................... 8
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`i
`
`FINJAN OPPO TO MOTION TO STRIKE
`Case No. 4:18-cv-07229-YGR (TSH)
`
`

`

`Case 4:18-cv-07229-YGR Document 198 Filed 05/18/21 Page 3 of 10
`
`
`
`I.
`
`INTRODUCTION
`
`Qualys’s renewed motion is flawed procedurally and substantively. In its “renewed”
`
`motion, Qualys expands the reach of the Court’s Order and piles in additional portions of
`
`Dr. Medvidovic’s report, raising issues beyond the Court left open for renewal. And for those
`
`issues the Court denied without prejudice, it fails to address the issue identified by the Court’s
`
`Order: whether the “receiving” limitation occurred “based” on requests from a client device.
`
`To reframe the issue from Qualys’s original motion to strike, at issue was whether
`
`Dr. Medvidovic’s infringement theory exceeded the scope of Finjan’s infringement contentions for
`
`the “receiving . . .” limitation. The relevant limitation requires “receiving, by a computer, an
`
`incoming stream of program code.” There is no limitation that specifies what requested the
`
`incoming stream, though obviously a stream would not be received unless something requested it.
`
`Dr. Medvidovic’s infringement theory and Finjan’s infringement contentions are in alignment:
`
`both refer to the same component (e.g., a scanner) performing the same function (receiving data
`
`from a client device), and Qualys raises no issues concerning the identity of what receives the
`
`incoming stream of program code.
`
`Instead, Qualys’s renewed motion turns on whether Dr. Medvidovic’s infringement report
`
`expressly discusses, as part of his infringement analysis, whether infringement depends on
`
`superfluous language in the contentions (that received data is “based” on a request by a client
`
`device). Although Qualys faults Dr. Medvidovic’s report for not importing limitations into the
`
`claims, he had no reason to provide an opinion on whether an unclaimed step was required.
`
`Notably, Qualys’s expert did not provide any infringement opinions regarding whether
`
`vulnerability scanning is “based” on requests for content by a client device either. See Exh. A
`
`(Rubin Reb. Rpt.) at ¶¶ 169-179.
`
`But what is critically ignored in Qualys’s motion is that Qualys has not “demonstrate[d]
`
`that vulnerability scanning is not ‘based’ on requests for content by the client device,” which was
`
`a prerequisite for renewal. ECF No. 188 at 7. Qualys identifies no evidence that suggests the
`
`receiving limitation does not follow a request for content by a client device. Qualys cannot
`
`because vulnerability scanning is based on requests for content from a client device. Qualys’s
`
`
`
`1
`
`
`
`FINJAN OPPO TO MOTION TO STRIKE
`Case No. 4:18-cv-07229-YGR (TSH)
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`

`

`Case 4:18-cv-07229-YGR Document 198 Filed 05/18/21 Page 4 of 10
`
`
`
`own documentation states that its vulnerability scanning “by default” evaluates “all traffic” on a
`
`network. See Exh. B (QUALYS00453094) at 107 (emphasis added). And network traffic
`
`necessarily involves requests by client devices.
`
`For these and the reasons that follow, the Court should deny Qualys’s motion.
`
`II.
`
`BACKGROUND
`
`Qualys previously filed a motion to strike Dr. Medvidovic’s report for at least seven
`
`different reasons. See ECF No. 156-4. One of Qualys’s arguments was that Dr. Medvidovic’s
`
`infringement theory for limitation 1(a) (“receiving, by a computer, an incoming stream of program
`
`code”) was not properly disclosed in Finjan’s infringement contentions. Id. at 12-13. After
`
`considering Finjan’s infringement contentions, the Court concluded that (1) Finjan’s infringement
`
`contentions refer to the receipt of content based on a request from a client device; and (2) Finjan’s
`
`expert espoused a theory where the accused products may receive content from a client device:
`
`Finjan’s contentions state that the accused products receive content “based on a client
`
`device requesting the content from a source computer, such as the Internet” and
`
`“when a particular client device requests content provided by a source computer.”
`
`(Contentions at 2-4.) Dr. Medvidovic, however, opines that the accused
`
`“Vulnerability Features” perform their network scans to detect vulnerabilities and
`
`policy compliance regardless of content requests and may receive data from client
`
`devices on the same network. (See Medvidovic Report ¶¶ 184-97.)
`
`ECF No. 188 at 7:8-13.
`
`The Court then stated, after reviewing the cited portions of Dr. Medvidovic’s report, it
`
`“cannot determine that they present a new theory.” Id. at 7:14-15. The Court denied Qualys’s
`
`motion, but left open one specific issue: whether the accused vulnerability scanning is “based” on
`
`requests for content by a client device. Id. at 7:18-20.
`
`While Qualys’s motion is purportedly a “renewal” of its motion to strike, it seeks to
`
`expand its mandate, adding new grieves and new portions of Dr. Medvidovic’s report it did not
`
`originally move on, namely ¶¶ 184, 186, 188-194, which were not at issue in its prior motion.
`
`
`
`2
`
`
`
`FINJAN OPPO TO MOTION TO STRIKE
`Case No. 4:18-cv-07229-YGR (TSH)
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`

`

`Case 4:18-cv-07229-YGR Document 198 Filed 05/18/21 Page 5 of 10
`
`
`
`III. LEGAL STANDARD
`
`The Court is familiar with the legal standards for a motion to strike infringement
`
`contentions, which are set forth in Finjan’s opposition to Qualys’s original motion and
`
`incorporated by reference herein. See ECF No. 163-3. For the issue underlying this motion,
`
`Qualys does not cite a single case where a court has struck an infringement report because the
`
`report failed to expressly opine on unclaimed features mentioned in the party’s PLR contentions
`
`IV. ARGUMENT
`
`A.
`
`Qualys’s New Motion is Not a Renewal of its Prior Motion
`
`Qualys’s prior motion sought to strike six paragraphs (¶¶ 185, 187, 195-197 and 214) of
`
`Dr. Medvidovic’s Report relating to the “receiving . . .” limitation. ECF No. 156 at 12:4-5. The
`
`Court denied Qualys’ motion to strike “without prejudice to renewal should Qualys demonstrate
`
`that vulnerability scanning is not ‘based’ on requests for content by the client device.” ECF No.
`
`188. Under the guise of a “renewed” motion, Qualys’s new motion seeks to strike thirteen
`
`paragraphs from Dr. Medvidovic’s report for the “receiving . . .” limitation—only four of which
`
`were included in Qualys’s original motion: ¶¶ 185, 187, 195, 196. ECF No. 194 at 5:21-24. This
`
`is not a “renewal” of Qualys’s prior motion—it is a new motion as to the paragraphs not cited in
`
`the original motion (¶¶ 184, 186, 188-194). And for the paragraphs that Qualys now seeks to
`
`strike referring to Cloud Agents (some or all of ¶¶ 185, 187, 195-196), Qualys’s basis for seeking
`
`to strike those paragraphs was that Finjan did not accuse Cloud Agents at all. ECF No. 156 at 5
`
`(“Finjan’s infringement contentions for the ’408 Patent do not accuse the Cloud Agent of
`
`practicing any limitation of any asserted claim of the ’408 Patent.”). The Court rejected that
`
`argument already, and Qualys should not be allowed a “do over”—the issue was already resolved.
`
`Thus, Qualys’s motion as to paragraphs ¶¶ 184, 186, 188-196 should be denied for
`
`improperly expanding the scope of the original underlying motion. As to the portions of ¶¶ 185,
`
`187, 195-196 that refer to Cloud Agents, Qualys’s motion should be denied as beyond the scope of
`
`the Court’s Order on an issue where Qualys was already heard.
`
`
`
`3
`
`
`
`FINJAN OPPO TO MOTION TO STRIKE
`Case No. 4:18-cv-07229-YGR (TSH)
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`

`

`Case 4:18-cv-07229-YGR Document 198 Filed 05/18/21 Page 6 of 10
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`B.
`
`Finjan’s Infringement Contentions Disclose Dr. Medvidovic’s Theory for the
`
`“Receiving” Limitation
`
`Claim 1 recites “receiving, by a computer, an incoming stream of program code.” Thus,
`
`the “receiving . . .” limitation requires: (1) receiving data at a computer; and (2) that the received
`
`data is program code.1 Dr. Medvidovic’s expert report and Finjan’s infringement contentions set
`
`forth the same theory for these two requirements. Dr. Medvidovic’s infringement theory for this
`
`limitation is that Qualys’s accused products include scanners that receive content. See, e.g., Exh.
`
`C (Medvidovic Op. Rep.) at ¶ 185. Finjan’s infringement contentions identify Qualys scanners as
`
`part of the claimed “computer” that receives content. Exh. D (408 Inf. Chart) at 2-4.
`
`Qualys cannot dispute the above characterization of Finjan’s infringement contentions or
`
`Dr. Medvidovic’s infringement theory. In its original motion, Qualys acknowledged that Finjan’s
`
`infringement contentions identified scanners as the receiving device (i.e., the claimed
`
`“computer”). ECF No. 156-4 at 12:15-17. Qualys also acknowledged that Finjan’s contentions
`
`identified the data received at the scanners from the client computers as the claimed “program
`
`code.” Id. at 13:1-3 (contending that Finjan’s contentions refer to the receipt of content from a
`
`client device). Finally, Qualys acknowledged that Dr. Medvidovic’s infringement theory is that
`
`scanners perform the receiving step. Id. at 12:21-24 (“
`
`
`
`”).
`
`Thus, there is no dispute that both Finjan’s infringement contentions and Dr. Medvidovic’s
`
`infringement analysis both refer to a scanner receiving content as an example of “receiving, by a
`
`computer, an incoming stream of program code.”
`
`C.
`
`Qualys Cannot Show That Vulnerability Scanning is Not Based on Requests
`
`from a Client Device
`
`Because Finjan’s infringement contentions disclosed both the component (scanner)
`
`responsible for performing the claimed “receiving . . .” and the implicated functionality (receipt of
`
`data in the form of program code), the Court permitted Qualys to renew its motion if it could
`
`“demonstrate that vulnerability scanning is not ‘based’ on requests for content by the client
`
`
`1 Asserted Claim 22 only requires receiving data.
`
`4
`
`
`
`FINJAN OPPO TO MOTION TO STRIKE
`Case No. 4:18-cv-07229-YGR (TSH)
`
`

`

`Case 4:18-cv-07229-YGR Document 198 Filed 05/18/21 Page 7 of 10
`
`
`
`device.” ECF No. 188 at 7. Qualys does not make the showing required by the Order. For
`
`example, Qualys cites no source code, technical documents, logs or expert testimony
`
`demonstrating that the receiving function in vulnerability scanning is not based on requests for
`
`content by a client device.
`
`Qualys’s entire argument seems to be that Finjan’s expert did not expressly opine that
`
`vulnerability scans are also “based” on a client device requesting content. See ECF No. 194 at
`
`1:10-18; id. at 3:11-12; 3:26-28.2 While it is true Dr. Medvidovic did not expressly opine that a
`
`client device must request content for there to be infringement, the reason is not because
`
`Dr. Medvidovic created a new theory infringement not present in the contentions. Rather, the
`
`reason is the claims do not require vulnerability scans to be “based” on a client device
`
`requesting content. This is precisely why Qualys’s technical expert has not disputed infringement
`
`on this basis (he instead argues whether the received content may be fairly characterized as the
`
`claimed “program code”). Exh. A (Rubin Reb. Rep.) at ¶¶ 169-179.
`
`Regardless, vulnerability scanning is “based” on request(s) from client devices. Qualys’s
`
`products operate in a client-server system. See, e.g., Exh. D (408 Inf. Chart) at 2; Exh. A (Rubin
`
`Reb. Rep.) at ¶¶ 102-103; Exh. C (Medvidovic Op. Rep.) at ¶¶ 90-93. Devices in such an
`
`architecture communicate with each other through a series of requests from client devices and
`
`responses from servers. For example, Qualys’s expert included a figure in his report with
`
`annotations (original or his own) that show exemplary communications in the Qualys system,
`
`including requests initiated by a device acting as a client device and content that is returned from a
`
`server and received by the Qualys scanners:
`
`
`2 Qualys argues about the proper construction of a “client device” in its motion (ECF No. 194 at
`2-3); however, its claim construction arguments are irrelevant since “client device” is not a term
`recited in the claims.
`
`
`
`5
`
`
`
`FINJAN OPPO TO MOTION TO STRIKE
`Case No. 4:18-cv-07229-YGR (TSH)
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`

`

`Case 4:18-cv-07229-YGR Document 198 Filed 05/18/21 Page 8 of 10
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`Exh. A (Rubin Reb. Rep.) at ¶ 97.
`
`
`
`While the annotations are not described in Dr. Rubin’s report, the figure generally reflects
`
`a typical client-server architecture that allows communications between the client and the server,
`
`including communications initiated by a client device requesting content. Qualys’s scanners scan
`
`these communications, as its documentation acknowledges. It states that a scanner is “[b]y
`
`default” configured to scan “all traffic” to the Qualys cloud:
`
`By default the Scanner LAN interface services all traffic to the Qualys Cloud
`
`Platform, including management traffic (software updates, health check, scan data
`
`upload) and scanning traffic.
`
`See Exh. B (QUALYS00453094) at 107 (emphasis added). Qualys’s argument, which appears to
`
`be that the only traffic that is scanned is that retrieved by a scanner, contradicts its own
`
`documents, which refer to scanning all traffic.
`
`In fact, Qualys’s expert produced an untimely spreadsheet with his rebuttal report that
`
`identified tens of thousands of potential exploits that could be detected in a Qualys vulnerability
`
`scan, including potential exploits relating to commands used in a client-server system, such as
`
`HTTP Get, HTTP Post, or an HTTP Response. See, e.g., Exh. E (QUALYS-RUBIN0911
`
`(Vulnerability Spreadsheet)) at QID 86391
`
`, QID 86571 (“
`
`”), QID 86427 (“
`
`
`
`
`
`
`
`
`
`6
`
`
`
`FINJAN OPPO TO MOTION TO STRIKE
`Case No. 4:18-cv-07229-YGR (TSH)
`
`

`

`Case 4:18-cv-07229-YGR Document 198 Filed 05/18/21 Page 9 of 10
`
`
`
`86372 (“
`
`(“
`
`”), QID 86580 (“
`
`”), QID
`
`”), QID 86455
`
`”), QID 87026 (“
`
`
`
`”). Qualys’s expert
`
`admits that client devices make requests and receive server responses (i.e., HTTP Requests and
`
`HTTP Responses). See Exh. A (Rubin Reb. Rep.) at ¶¶ 113-117 (discussing HTTP Request and
`
`HTTP GET, HTTP Post, and HTTP Response). Thus, when Qualys’s vulnerability product
`
`examines these types of potential exploits received over the network, the scanner would receive
`
`content “based on” a client device having first requested content, such as through an HTTP GET
`
`request.
`
`Lastly, Qualys sows confusion by arguing that the frequency (e.g., “constantly”,
`
`“continuously”, etc.) and manner (e.g., “automatically”, in response to a “configuration,” etc.) in
`
`which data is collected is informative as to whether data is received “based” on a request from a
`
`client device. These arguments are a red herring and more properly directed to a summary
`
`judgment motion. The Court’s order focused on whether the accused functionality was “based” on
`
`requests from the client device, not their periodicity or whether the client requests are automatic.
`
`Infringement does not depend on any of these issues, which are raised for the first time in
`
`Qualys’s renewed motion.
`
`Accordingly, Qualys has not demonstrated that the accused vulnerability scanning is not
`
`based on requests for content by the client device.
`
`D.
`
`Qualys’s New Arguments Regarding Cloud Agents Should Be Rejected
`
`While the above arguments apply to all theories, Qualys makes new arguments against
`
`Cloud Agents, which are flawed for a different and additional reason. The entire premise for
`
`Qualys’s argument is that a Cloud Agent “does not receive, send, or process requests for content.”
`
`Id. Yet Qualys was supposed to “demonstrate that vulnerability scanning is not ‘based’ on
`
`requests for content by the client device.” ECF No. 188 at 7 (emphasis added). A Cloud Agent is
`
`installed on a client device, but it is irrelevant whether the Cloud Agent itself sends requests for
`
`
`
`7
`
`
`
`FINJAN OPPO TO MOTION TO STRIKE
`Case No. 4:18-cv-07229-YGR (TSH)
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`

`

`Case 4:18-cv-07229-YGR Document 198 Filed 05/18/21 Page 10 of 10
`
`
`
`content. Qualys does not dispute the client devices request content, which is the relevant inquiry.
`
`See Exh. A (Rubin Reb. Rep.) at ¶¶ 169-179.
`
`For example, after new data is received at the client device (which would be in response to
`
`a request for that data), Dr. Medvidovic opines that the Cloud Agent on that client device collects
`
`data and sends it to the Qualys Cloud Platform for analysis:
`
`Exh. C (Medvidovic Op. Rep.) at ¶ 196 (internal citations omitted).
`
`
`
`
`
`
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`Accordingly, Qualys’s additional arguments about Cloud Agents should be denied too.
`
`11
`
`V.
`
`CONCLUSION
`
`For the reasons set forth herein, the Court should deny Qualys’s motion.
`
`
`Dated: May 18, 2021
`
`
`
`/s/ Jason Wolff
`Jason. W. Wolff
`
`Attorneys for Plaintiff
`FINJAN LLC.
`
`
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`
`
`8
`
`
`
`FINJAN OPPO TO MOTION TO STRIKE
`Case No. 4:18-cv-07229-YGR (TSH)
`
`