Case 5:17-cv-04467-BLF Document 1 Filed 08/04/17 Page 1 of 72
`
`
`
`PAUL ANDRE (State Bar No. 196585)
`pandre@kramerlevin.com
`LISA KOBIALKA (State Bar No. 191404)
`lkobialka@kramerlevin.com
`JAMES HANNAH (State Bar No. 237978)
`jhannah@kramerlevin.com
`KRAMER LEVIN NAFTALIS & FRANKEL LLP
`990 Marsh Road
`Menlo Park, CA 94025
`Telephone: (650) 752-1700
`Facsimile: (650) 752-1800
`
`Attorneys for Plaintiff
`FINJAN, INC.
`
`
`IN THE UNITED STATES DISTRICT COURT
`
`FOR THE NORTHERN DISTRICT OF CALIFORNIA
`
`FINJAN, INC., a Delaware Corporation,
`
`
`
`
`
`
`Plaintiff,
`
`v.
`
`
`SONICWALL, INC., a Delaware Corporation,
`
`
`Defendant.
`
`
`
`
`
`
`Case No.:
`
`COMPLAINT FOR PATENT
`INFRINGEMENT
`
`DEMAND FOR JURY TRIAL
`
`
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`____________________________________________________________________________________
`COMPLAINT FOR PATENT INFRINGEMENT
`CASE NO.
`
`

`

`Case 5:17-cv-04467-BLF Document 1 Filed 08/04/17 Page 2 of 72
`
`
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`Plaintiff Finjan, Inc. (“Finjan”) files this Complaint for Patent Infringement and Demand for
`
`Jury Trial against SonicWall, Inc. (“Defendant” or “SonicWall”) and alleges as follows:
`
`THE PARTIES
`
`1.
`
`Finjan is a Delaware Corporation with its principal place of business at 2000 University
`
`Avenue, Suite 600 in E. Palo Alto, California 94303.
`2.
`
`Defendant is a Delaware Corporation with its headquarters and principal place of
`
`business at 5455 Great American Parkway in Santa Clara, California 95054. Defendant may be served
`
`through its agent for service of process, CSC, at 2710 Gateway Oaks Dr. Ste. 150N in Sacramento,
`
`California 95833.
`
`JURISDICTION AND VENUE
`
`3.
`
`This action arises under the Patent Act, 35 U.S.C. § 101 et seq. This Court has original
`
`jurisdiction over this controversy pursuant to 28 U.S.C. §§ 1331 and 1338.
`4.
`5.
`
`This Court has personal jurisdiction over Defendant. Upon information and belief,
`
`Venue is proper in this Court pursuant to 28 U.S.C. §§ 1391(b) and (c) and/or 1400(b).
`
`Defendant is headquartered and has its principal place of business in this District (Santa Clara,
`
`California). Defendant also regularly and continuously does business in this District and has infringed
`
`or induced infringement, and continues to do so, in this District. In addition, the Court has personal
`
`jurisdiction over Defendant because minimum contacts have been established with the forum and the
`
`exercise of jurisdiction would not offend traditional notions of fair play and substantial justice.
`
`INTRADISTRICT ASSIGNMENT
`
`6.
`
`Pursuant to Local Rule 3-2(c), Intellectual Property Actions are assigned on a district-
`
`wide basis.
`
`FINJAN’S INNOVATIONS
`
`7.
`
`Finjan was founded in 1997 as a wholly-owned subsidiary of Finjan Software Ltd., an
`
`Israeli corporation. In 1998, Finjan moved its headquarters to San Jose, California. Finjan was a
`
`pioneer in developing proactive security technologies capable of detecting previously unknown and
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`1
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 5:17-cv-04467-BLF Document 1 Filed 08/04/17 Page 3 of 72
`
`
`
`emerging online security threats, recognized today under the umbrella term “malware.” These
`
`technologies protect networks and endpoints by identifying suspicious patterns and behaviors of
`
`content delivered over the Internet. Finjan has been awarded, and continues to prosecute, numerous
`
`patents covering innovations in the United States and around the world resulting directly from Finjan’s
`
`more than decades-long research and development efforts, supported by a dozen inventors and over
`
`$65 million in R&D investments.
`8.
`
`Finjan built and sold software, including application program interfaces (APIs) and
`
`appliances for network security, using these patented technologies. These products and related
`
`customers continue to be supported by Finjan’s licensing partners. At its height, Finjan employed
`
`nearly 150 employees around the world building and selling security products and operating the
`
`Malicious Code Research Center, through which it frequently published research regarding network
`
`security and current threats on the Internet. Finjan’s pioneering approach to online security drew
`
`equity investments from two major software and technology companies, the first in 2005 followed by
`
`the second in 2006. Finjan generated millions of dollars in product sales and related services and
`
`support revenues through 2009, when it spun off certain hardware and technology assets in a merger.
`
`Pursuant to this merger, Finjan was bound to a non-compete and confidentiality agreement, under
`
`which it could not make or sell a competing product or disclose the existence of the non-compete
`
`clause. Finjan became a publicly traded company in June 2013, capitalized with $30 million. After
`
`Finjan’s obligations under the non-compete and confidentiality agreement expired in March 2015,
`
`Finjan re-entered the development and production sector of secure mobile products for the consumer
`
`market.
`
`FINJAN’S ASSERTED PATENTS
`
`9.
`
`On November 28, 2000, U.S. Patent No. 6,154,844 (“the ‘844 Patent”), titled SYSTEM
`
`AND METHOD FOR ATTACHING A DOWNLOADABLE SECURITY PROFILE TO A
`
`DOWNLOADABLE, was issued to Shlomo Touboul and Nachshon Gal. A true and correct copy of
`
`the ‘844 Patent is attached to this Complaint as Exhibit 1 and is incorporated by reference herein.
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`2
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 5:17-cv-04467-BLF Document 1 Filed 08/04/17 Page 4 of 72
`
`
`
`10.
`
`All rights, title, and interest in the ‘844 Patent have been assigned to Finjan, who is the
`
`sole owner of the ‘844 Patent. Finjan has been the sole owner of the ‘844 Patent since its issuance.
`11.
`
`The ‘844 Patent is generally directed towards computer networks, and more
`
`particularly, provides a system that protects devices connected to the Internet from undesirable
`
`operations from web-based content. One of the ways this is accomplished is by linking a security
`
`profile to such web-based content to facilitate the protection of computers and networks from
`
`malicious web-based content.
`12.
`
`On June 6, 2006, U.S. Patent No. 7,058,822 (“the ‘822 Patent”), titled MALICIOUS
`
`MOBILE CODE RUNTIME MONITORING SYSTEM AND METHODS, was issued to Yigal
`
`Mordechai Edery, Nimrod Itzhak Vered, David R. Kroll, and Shlomo Touboul. A true and correct
`
`copy of the ‘822 Patent is attached to this Complaint as Exhibit 2 and is incorporated by reference
`
`herein.
`
`13.
`
`All rights, title, and interest in the ‘822 Patent have been assigned to Finjan, who is the
`
`sole owner of the ‘822 Patent. Finjan has been the sole owner of the ‘822 Patent since its issuance.
`14.
`
`The ‘822 Patent is generally directed towards computer networks and more particularly
`
`provides a system that protects devices connected to the Internet from undesirable operations from
`
`web-based content. One of the ways this is accomplished is by determining whether any part of such
`
`web-based content can be executed and then trapping such content and neutralizing possible harmful
`
`effects using mobile protection code. Additionally, the system provides a way to analyze such web-
`
`content to determine whether it can be executed.
`15.
`
`On October 12, 2004, U.S. Patent No. 6,804,780 (“the ‘780 Patent”), titled SYSTEM
`
`AND METHOD FOR PROTECTING A COMPUTER AND A NETWORK FROM HOSTILE
`
`DOWNLOADABLES, was issued to Shlomo Touboul. A true and correct copy of the ‘780 Patent is
`
`attached to this Complaint as Exhibit 3 and is incorporated by reference herein.
`16.
`
`All rights, title, and interest in the ‘780 Patent have been assigned to Finjan, who is the
`
`sole owner of the ‘780 Patent. Finjan has been the sole owner of the ‘780 Patent since its issuance.
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`3
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 5:17-cv-04467-BLF Document 1 Filed 08/04/17 Page 5 of 72
`
`
`
`17.
`
`The ‘780 Patent is generally directed towards methods and systems for generating a
`
`Downloadable ID. By generating an identification for each examined Downloadable, the system may
`
`allow for the Downloadable to be recognized without reevaluation. Such recognition increases
`
`efficiency while also saving valuable resources, such as memory and computing power.
`18.
`
`On November 3, 2009, U.S. Patent No. 7,613,926 (“the ‘926 Patent”), titled METHOD
`
`AND SYSTEM FOR PROTECTING A COMPUTER AND A NETWORK FROM HOSTILE
`
`DOWNLOADABLES, was issued to Yigal Mordechai Edery, Nimrod Itzhak Vered, David R. Kroll,
`
`and Shlomo Touboul. A true and correct copy of the ‘926 Patent is attached to this Complaint as
`
`Exhibit 4 and is incorporated by reference herein.
`19.
`
`All rights, title, and interest in the ‘926 Patent have been assigned to Finjan, who is the
`
`sole owner of the ‘926 Patent. Finjan has been the sole owner of the ‘926 Patent since its issuance.
`20.
`
`The ‘926 Patent is generally directed towards methods and systems for protecting a
`
`computer and a network from hostile downloadables. One of the ways this is accomplished is by
`
`performing hashing on a downloadable in order to generate a downloadable ID, retrieving security
`
`profile data, and transmitting an appended downloadable or transmitting the downloadable with a
`
`representation of the downloadable security profile data.
`21.
`
`On January 12, 2010, U.S. Patent No. 7,647,633 (“the ‘633 Patent”), titled
`
`MALICIOUS MOBILE CODE RUNTIME MONITORING SYSTEM AND METHODS, was issued
`
`to Yigal Mordechai Edery, Nimrod Itzhak Vered, David R. Kroll, and Shlomo Touboul. A true and
`
`correct copy of the ‘633 Patent is attached to this Complaint as Exhibit 5 and is incorporated by
`
`reference herein.
`22.
`
`All rights, title, and interest in the ‘633 Patent have been assigned to Finjan, who is the
`
`sole owner of the ‘633 Patent. Finjan has been the sole owner of the ‘633 Patent since its issuance.
`23.
`
`The ‘633 Patent is generally directed towards computer networks and, more
`
`particularly, provides a system that protects devices connected to the Internet from undesirable
`
`operations from web-based content. One of the ways this is accomplished is by determining whether
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`4
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 5:17-cv-04467-BLF Document 1 Filed 08/04/17 Page 6 of 72
`
`
`
`any part of such web-based content can be executed and then trapping such content and neutralizing
`
`possible harmful effects using mobile protection code.
`24.
`
`On March 20, 2012, U.S. Patent No. 8,141,154 (“the ‘154 Patent”), titled SYSTEM
`
`AND METHOD FOR INSPECTING DYNAMICALLY GENERATED EXECUTABLE CODE, was
`
`issued to David Gruzman and Yuval Ben-Itzhak. A true and correct copy of the ‘154 Patent is attached
`
`to this Complaint as Exhibit 6 and is incorporated by reference herein.
`25.
`
`All rights, title, and interest in the ‘154 Patent have been assigned to Finjan, who is the
`
`sole owner of the ‘154 Patent. Finjan has been the sole owner of the ‘154 Patent since its issuance.
`26.
`
`The ‘154 Patent is generally directed towards a gateway computer protecting a client
`
`computer from dynamically generated malicious content. One of the ways this is accomplished is by
`
`using a content processor to process a first function and invoke a second function if a security
`
`computer indicates that it is safe to invoke the second function.
`27.
`
`On March 18, 2014, U.S. Patent No. 8,677,494 (“the ‘494 Patent”), titled MALICIOUS
`
`MOBILE CODE RUNTIME MONITORING SYSTEM AND METHODS, was issued to Yigal
`
`Mordechai Edery, Nimrod Itzhak Vered, David R. Kroll, and Shlomo Touboul. A true and correct
`
`copy of the ‘494 Patent is attached to this Complaint as Exhibit 7 and is incorporated by reference
`
`herein.
`
`28.
`
`All rights, title, and interest in the ‘494 Patent have been assigned to Finjan, who is the
`
`sole owner of the ‘494 Patent. Finjan has been the sole owner of the ‘494 Patent since its issuance.
`29.
`
`The ‘494 Patent is generally directed towards a method and system for deriving security
`
`profiles and storing the security profiles. One of the ways this is accomplished is by deriving a
`
`security profile for a downloadable, which includes a list of suspicious computer operations, and
`
`storing the security profile in a database.
`30.
`
`On July 5, 2011, U.S. Patent No. 7,975,305 (“the ‘305 Patent”), titled METHOD AND
`
`SYSTEM FOR ADAPTIVE RULE-BASED CONENT SCANNERS FOR DESKTOP COMPUTERS,
`
`was issued to Moshe Rubin, Moshe Matitya, Artem Melnick, Shlomo Touboul, Alexander Yermakov,
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`5
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 5:17-cv-04467-BLF Document 1 Filed 08/04/17 Page 7 of 72
`
`
`
`and Amit Shaked. A true and correct copy of the ‘305 Patent is attached to this Complaint as Exhibit 8
`
`and is incorporated by reference herein.
`31.
`
`All rights, title, and interest in the ‘305 Patent have been assigned to Finjan, who is the
`
`sole owner of the ‘305 Patent. Finjan has been the sole owner of the ‘305 Patent since its issuance.
`32.
`
`The ‘305 Patent is generally directed towards network security and, in particular, rule
`
`based scanning of web-based content for exploits. One of the ways this is accomplished is by using
`
`parser and analyzer rules to describe computer exploits as patterns of types of tokens. Additionally,
`
`the system provides a way to keep these rules updated.
`33.
`
`On July 17, 2012, U.S. Patent No. 8,225,408 (“the ‘408 Patent”), entitled METHOD
`
`AND SYSTEM FOR ADAPTIVE RULE-BASED CONTENT SCANNERS, was issued to Moshe
`
`Rubin, Moshe Matitya, Artem Melnick, Shlomo Touboul, Alexander Yermakov and Amit Shaked. A
`
`true and correct copy of the ‘408 Patent is attached to this First Supplemental Complaint as Exhibit 9
`
`and is incorporated by reference herein.
`34.
`
`All rights, title, and interest in the ‘408 Patent have been assigned to Finjan, who is the
`
`sole owner of the ‘408 Patent. Finjan has been the sole owner of the ‘408 Patent since its issuance.
`35.
`
`The ‘408 Patent is generally directed towards network security and, in particular, rule
`
`based scanning of web-based content for a variety of exploits written in different programming
`
`languages. One of the ways this is accomplished is by expressing the exploits as patterns of tokens.
`
`Additionally, the system provides a way to analyze these exploits by using a parse tree.
`36.
`
`On November 15, 2005, U.S. Patent No. 6,965,968 (“the ‘968 Patent”), titled METHOD
`
`AND SYSTEM FOR ADAPTIVE RULE-BASED CONENT SCANNERS FOR DESKTOP
`
`COMPUTERS, was issued to Moshe Rubin, Moshe Matitya, Artem Melnick, Shlomo Touboul,
`
`Alexander Yermakov, and Amit Shaked. A true and correct copy of the ‘968 Patent is attached to this
`
`Complaint as Exhibit 10 and is incorporated by reference herein.
`37.
`
`All rights, title, and interest in the ‘968 Patent have been assigned to Finjan, who is the
`
`sole owner of the ‘968 Patent. Finjan has been the sole owner of the ‘968 Patent since its issuance.
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`6
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 5:17-cv-04467-BLF Document 1 Filed 08/04/17 Page 8 of 72
`
`
`
`38.
`
`The ‘968 Patent is generally directed towards methods and systems for enabling policy-
`
`based cache management to determine if digital content is allowable relative to a policy. One of the
`
`ways this is accomplished is scanning digital content to derive a content profile and determining
`
`whether the digital content is allowable for a policy based on the content profile.
`
`FINJAN’S NOTICE OF INFRINGEMENT TO DEFENDANT
`
`39.
`
`Finjan and Defendant’s patent discussions date back to June 2014, while Defendant was
`
`a subsidiary of Dell, Inc. Finjan contacted Defendant on or about June 10, 2014, regarding a potential
`
`license to Finjan’s patents, stating “Finjan owns a patent portfolio covering behavior-based and anti-
`
`malware security resulting from its R&D investments” and “we believe a license to Finjan’s patent
`
`portfolio could be beneficial” to the company. Finjan offered to provide Defendant with preliminary
`
`claim charts so that Defendant could evaluate Finjan’s patent portfolio.
`40.
`
`On July 8, 2014, Finjan provided Defendant with a written report detailing how its NSA
`
`products and its Gateway Anti-Virus and Anti-Spyware products relate to the ‘822 Patent. On
`
`September 17, 2014, Finjan emailed Defendant two more written reports, detailing how those same
`
`products relate to the ‘780 Patent, and also how its Comprehensive Gateway Security Suite relates to
`
`the ‘968 Patent. In that September 17, 2014 email, Finjan also informed Defendant of the ‘844 Patent
`
`and offered to share another written report relating Defendant’s products to the ‘844 Patent, if
`
`Defendant agreed to sign a mutual non-disclosure agreement.
`41.
`
`Finjan met with Defendant’s representatives in Round Rock, Texas on or about October
`
`2, 2014. During that meeting, Finjan discussed the ‘822 Patent, the ‘780 Patent, the ‘968 Patent, and
`
`the ‘844 Patent in detail, including how those patents relate to Defendant’s products. Finjan met with
`
`Defendant’s representatives again on or about February 13, 2015, to discuss Finjan’s patents and how
`
`they read on Defendant’s products, in detail. But despite these meetings and multiple emails,
`
`Defendant rejected, without providing a single substantive explanation as to why any of the Accused
`
`products do not infringe any of the Asserted Patents, Finjan’s offer to take a license to Finjan’s patents.
`42.
`
`On or around May 2015, Finjan contacted Defendant again about taking a license to
`
`Finjan’s patents. Finjan met with Defendant’s representatives on or about June 16, 2016, to discuss
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`7
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 5:17-cv-04467-BLF Document 1 Filed 08/04/17 Page 9 of 72
`
`
`
`Finjan’s patents and how they read on Defendant’s products, and exchanged multiple emails with
`
`Defendant regarding a potential license to Finjan’s patents from May to October 2016.
`43.
`
`On or about October 12, 2016, Finjan met with Defendant’s representatives again in
`
`Round Rock, Texas regarding Defendant taking a license to Finjan’s patents. On or about November
`
`1, 2016, Finjan emailed a presentation to Defendant that summarized the discussions the parties had on
`
`or about October 12, 2016 in Texas. This presentation again identified every one of Finjan’s patents
`
`that are asserted in this case to Defendant, and detailed how a number of Defendant’s products –
`
`including Advanced Threat Protection, Web Application Firewall, Content Filtering Service, and
`
`Gateway Anti-Virus and Anti-Spyware – relate to Finjan’s patents. Finjan also proposed a detailed
`
`“Licensing Solution” to Defendant at the October 12, 2016 meeting and in the presentation emailed on
`
`November 1, 2016. But Defendant refused to take a license.
`44.
`
`On or about November 1, 2016, Dell sold Defendant to private equity firm, Francisco
`
`Partners and Elliott Management. On or about March 28, 2017, Finjan contacted Defendant again
`
`regarding a potential license to Finjan’s patents. In a March 28, 2017 email, Finjan specifically
`
`identified the ‘844 Patent, ‘494 Patent, ‘968 Patent, ‘822 Patent, ‘633 Patent, ‘305 Patent, and the ‘154
`
`Patent, all of which are asserted in this case. Finjan also specifically identified and related those
`
`patents to a number of Defendant’s products and services, including: Capture Advanced Threat
`
`Protection; Advanced Gateway Security Suite; TotalSecure Bundle; Comprehensive Gateway Security
`
`Suite; Gateway Security Services; Malware Prevention; Content Filtering Service; Web Application
`
`Firewall; the SRA Series Appliances; the SuperMassive Series Appliances; the NSA Series
`
`Appliances; the TZ Series Appliances; the Email Security Appliances; and the SOHO Series
`
`Appliances. Despite Finjan’s consistent and earnest efforts from June 2014 to March 2017, Defendant
`
`refused to take a license to Finjan’s patents. At no time did Defendant provide any explanation as to
`
`how any of the Accused Products do not infringe any of the Asserted Patents.
`
`SONICWALL
`
`45.
`
`Defendant makes, uses, sells, offers for sale, and/or imports into the United States and
`
`this District products and services that utilize the SonicWall Appliance Products, SonicWall Email
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`8
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 5:17-cv-04467-BLF Document 1 Filed 08/04/17 Page 10 of 72
`
`
`
`Security Products, SonicWall Capture Advanced Threat Protection Service (“Capture ATP”), and
`
`SonicWall Gateway Security Services. See: https://www.sonicwall.com/en-
`
`us/products/firewalls/security-services/capture-advanced-threat-protection;
`
`https://www.sonicwall.com/en-us/products/firewalls/security-services/comprehensive-gateway-
`
`security-suite; and https://www.sonicwall.com/en-us/products/firewalls/security-services/advanced-
`
`gateway-security-suite, attached hereto as Exhibits 11-13.
`
`The SonicWall Appliance Products
`
`46.
`
`Defendant’s SuperMassive Series is Defendant’s next-generation firewall platform
`
`designed for large networks, including enterprise, government, education, retail, healthcare, and
`
`service provider networks, among others. Defendant’s SuperMassive Series appliances can subscribe
`
`to Capture ATP and to Gateway Security Services. Defendant’s SuperMassive Series appliances
`
`include: the SuperMassive E10000 Series (including but not limited to the E10400 and E10800) and
`
`the SuperMassive 9000 Series (including but not limited to the 9200, 9400, 9600, and 9800)
`
`(collectively, “SuperMassive Series Appliances”). See
`
`https://www.sonicwall.com/SonicWall.com/files/26/268d704a-d513-4830-886e-6bbfae67e930.pdf,
`
`attached hereto as Exhibit 14.
`47.
`
`Defendant’s Network Security Appliances (“NSA”) Series is Defendant’s next-
`
`generation firewall platform designed for organizations of all sizes. Defendant’s NSA Series
`
`appliances can subscribe to Capture ATP and to Gateway Security Services. Defendant’s NSA Series
`
`appliances include, but are not limited to, the NSA 2600, NSA 3600, NSA 4600, NSA 5600, and the
`
`NSA 6600 (collectively, “NSA Series Appliances”). See
`
`http://www.sonicguard.com/datasheets/nsa/DS_NSA_Series_US-new.pdf, attached hereto as Exhibit
`
`15. See also https://www.sonicwall.com/SonicWall.com/files/e1/e16f7df3-a203-40d4-b751-
`
`7f241db24c36.pdf, attached hereto as Exhibit 16.
`48.
`
`Defendant’s TZ Series is Defendant’s Unified Threat Management (“UTM”) firewall
`
`series designed to provide enterprise-grade network protection to organizations of all sizes, including
`
`emerging enterprises and retail or branch offices. Defendant’s TZ Series appliances can subscribe to
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`9
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 5:17-cv-04467-BLF Document 1 Filed 08/04/17 Page 11 of 72
`
`
`
`Capture ATP and to Gateway Security Services. Defendant’s TZ Series appliances include, but are not
`
`limited to, Defendant’s TZ300, TZ400, TZ500, TZ600, and SOHO series (collectively, “TZ Series
`
`Appliances”). See https://www.sonicwall.com/SonicWall.com/files/1f/1f1e879e-c911-4aaf-9b8c-
`
`3f1f34836e96.pdf , attached hereto as Exhibit 17.
`49.
`
`The SuperMassive Series, NSA Series, and TZ Series Appliances are collectively
`
`referred to as the “Appliance Products” herein.
`50.
`
`Defendant’s WAN Acceleration Appliance (“WXA”) Series is Defendant’s WAN
`
`optimizer platform, designed to eliminate performance bottlenecks, enhance application transfer
`
`performance, and prioritize traffic. Defendant’s WXA Series appliances work with Defendant’s next
`
`generation firewall products and Capture ATP. Defendant’s WXA Series products include, but are not
`
`limited to, the WXA 500 Software, the WXA 2000, the WXA 4000, the EXA 5000 Virtual Appliance,
`
`and the EXA 6000 Software (collectively, “WXA Series Appliances”). See
`
`https://www.sonicwall.com/en-us/products/firewalls/wan-acceleration, attached hereto as Exhibit 18;
`
`see https://www.sonicwall.com/SonicWall.com/files/56/56fa9647-eb16-4084-974c-dbffea20d7bd.pdf,
`
`attached hereto as Exhibit 19.
`
`The SonicWall Email Security Products
`
`51.
`
`Defendant’s Email Security Products provide protection from inbound and outbound
`
`email threats and compliance violations. Defendant’s Email Security Products include its Hosted
`
`Email Security and Encryption product, its Email Security Virtual Appliance and Software, and its
`
`Email Security Appliances (including but not limited to the 5000, 7000, and 9000 appliances)
`
`(collectively, the “Email Security Products”). Defendant’s Email Security Products can subscribe to
`
`Capture ATP and to Gateway Security Services (sometimes referred to as TotalSecure or Advanced
`
`TotalSecure). See https://www.sonicwall.com/SonicWall.com/files/a6/a6a01ede-f553-487e-9e00-
`
`4dadf2e12d48.pdf, attached hereto as Exhibit 20; https://www.sonicwall.com/en-us/products/secure-
`
`email, attached hereto as Exhibit 21.
`52.
`
`The Email Security Products also include Defendant’s Global Response Intelligent
`
`Defense Network (GRID).
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`10
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 5:17-cv-04467-BLF Document 1 Filed 08/04/17 Page 12 of 72
`
`
`
`
`
`
`
`See https://www.sonicwall.com/SonicWall.com/files/1c/1c98ce01-7ece-4b06-a88b-
`
`d1d309f05ffd.pdfhttps:/www.sonicwall.com/SonicWall.com/files/3c/3c03ab7c-98ee-4257-88b1-
`
`
`
`bc5958eaa369.pdf at 2-3 (attached as Exhibit 22).
`
`Capture ATP
`
`53.
`
`Defendant’s Capture ATP service is a cloud-based multi-engine sandbox designed to
`
`discover and stop unknown, zero-day attacks with automated signature remediation. Capture ATP
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`11
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 5:17-cv-04467-BLF Document 1 Filed 08/04/17 Page 13 of 72
`
`
`
`scans or inspects traffic and extracts suspicious code for analysis across a broad range of file sizes and
`
`types. Capture ATP sends suspicious files to Defendant’s Capture cloud service for analysis, using a
`
`multi-engine sandbox platform, which includes virtualized sandboxing, full system emulation, and
`
`hypervisor level analysis technology. Capture ATP executes suspicious code and analyzes behavior,
`
`providing comprehensive visibility to malicious activity in the form of reports to the end user that
`
`show the malicious activity attempted by the downloadable. Capture ATP also creates an immediate
`
`hash of the incoming traffic and performs static and dynamic analysis using Defendant’s Sonic
`
`Sandbox threat detection analysis engine. See e.g., http://www.dell.com/learn/us/en/uscorp1/press-
`
`releases/2016-02-29-dell-security-multi-engine-approach-advances-sandboxing-beyond-threat-
`
`detection, attached hereto as Exhibit 23. Defendant will use the information and verdicts generated by
`
`its sandbox to provide intelligence to other subscribers of the Capture ATP service. Capture ATP is
`
`sometimes referred to as Defendant’s Analyzer.
`
`
`See https://www.sonicwall.com/SonicWall.com/files/ec/ec2a9db0-ed58-43b1-ab24-99df40408476.pdf
`
`at 1 (attached as Exhibit 24)
`
`Gateway Security Services
`
`54.
`
`Defendant’s Gateway Security Services include Defendant’s Comprehensive Gateway
`
`Security Suite (“CGSS”) and Advanced Gateway Security Suite (“AGSS”) (collectively, the “Gateway
`
`Security Services”). Defendant’s Gateway Security Services combine gateway security anti-virus,
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`12
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 5:17-cv-04467-BLF Document 1 Filed 08/04/17 Page 14 of 72
`
`
`
`anti-spyware, intrusion prevention, application intelligence and control, content filtering, and
`
`sandboxing for real-time protection against sophisticated attacks.
`
`
`See https://www.sonicwall.com/SonicWall.com/files/ff/ff78caea-ed31-4382-83bd-dd2f8f8b8255.pdf at
`
`1 (attached as Exhibit 25).
`55.
`
`CGSS provides real-time gateway analyses to the Appliance Products. CGSS provides
`
`subscriptions to Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention and Application Intelligence,
`
`Control Service, and Content Filtering Service. CGSS is also sometimes referred to as Defendant’s
`
`Gateway Anti-Virus and Anti-Spyware (“GAV”), Defendant’s Intrusion Prevention System (“IPS”),
`
`Defendant’s TotalSecure, and Defendant’s TotalSecure Advanced Edition.
`56.
`
`AGSS provides real-time gateway analyses and access to a “[m]ulti-engine sandbox to
`
`prevent unknown threats such as zero-day attacks and ransomware.” See
`
`https://www.sonicwall.com/SonicWall.com/files/ae/ae16472e-f79d-4a60-bf34-5c62a2d3fd0f.pdf,
`
`attached hereto as Exhibit 26. AGSS provides subscriptions to Gateway Anti-Virus, Anti-Spyware,
`
`Intrusion Prevention and Application Intelligence, Control Service, Content Filtering Service, and
`
`Capture ATP service. Id.
`
`SONICWALL’S INFRINGEMENT OF FINJAN’S PATENTS
`
`57.
`
`Defendant has been and is now infringing, and will continue to infringe, the ‘844
`
`Patent, the ‘822 Patent, the ‘780 Patent, the ‘926 Patent, the ‘633 Patent, the ‘154 Patent, the ‘494
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`13
`
`CASE NO.
`
`1 2 3 4 5 6 7 8 9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case 5:17-cv-04467-BLF Document 1 Filed 08/04/17 Page 15 of 72
`
`
`
`Patent, the ‘305 Patent, the ‘408 Patent, and the ‘968 Patent (collectively, the “Asserted Patents”) in
`
`this Judicial District and elsewhere in the United States by, among other things, making, using,
`
`importing, selling, and/or offering for sale the SuperMassive Series, NSA Series, and TZ Series
`
`Appliances (collectively, the “Appliance Products”) and/or the Email Security Products with or
`
`without subscriptions or add-ons such as Capture ATP, Gateway Security Services, and/or WXA
`
`Series Appliances.
`58.
`
`In addition to directly infringing the Asserted Patents pursuant to 35 U.S.C. § 271(a),
`
`either literally or under the doctrine of equivalents, or both, Defendant indirectly infringes all the
`
`Asserted Patents by instructing, directing, and/or requiring others, including its customers, purchasers,
`
`users, and developers, to perform all or some of the steps of the method claims, either literally or under
`
`the doctrine of equivalents, or both, of the Asserted Patents.
`
`COUNT I
`(Direct Infringement of the ‘844 Patent pursuant to 35 U.S.C. § 271(a))
`
`59.
`
`Finjan repeats, realleges, and incorporates by reference, as if fully set forth herein, the
`
`allegations of the preceding paragraphs, as set forth above.
`60.
`
`Defendant has infringed and continues to infringe Claims 1-44 of the ‘844 Patent in
`
`violation of 35 U.S.C. § 271(a).
`61.
`
`Defendant’s infringement is based upon literal infringement or infringement under the
`
`doctrine of equivalents, or both.
`62.
`
`Defendant’s acts of making, using, importing, selling, and/or offering for sale infringing
`
`products and services have been without the permission, consent, authorization, or license of Finjan.
`63.
`
`Defendant’s infringement includes the manufacture, use, sale, importation and/or offer
`
`for sale of Defendant’s products and services, including the Appliance Products utilizing Capture ATP
`
`and/or Gateway Security Services and the Email Security Products utilizing Capture ATP and/or
`
`Gateway Security Services (collectively, the “‘844 Accused Products”).
`64.
`
`The ‘844 Accused Products embody the patented invention of the ‘844 Patent and
`
`infringe the ‘844 Patent because they practice a method of receiving by an inspector a downloadable,
`
`COM