Case4:14-cv-01197-SBA Document58-12 Filed12/01/14 Page1 of 19
`
`
`
`PAUL J. ANDRE (State Bar No. 196585)
`pandre@kramerlevin.com
`LISA KOBIALKA (State Bar No. 191404)
`lkobialka@kramerlevin.com
`JAMES HANNAH (State Bar No. 237978)
`jhannah@kramerlevin.com
`KRAMER LEVIN NAFTALIS & FRANKEL LLP
`990 Marsh Road
`Menlo Park, CA 94025
`Telephone: (650) 752-1700
`Facsimile: (650) 752-1800
`
`Attorneys for Plaintiff
`FINJAN, INC.
`
`
`
`IN THE UNITED STATES DISTRICT COURT
`
`FOR THE NORTHERN DISTRICT OF CALIFORNIA
`
`OAKLAND DIVISION
`
`
`
`FINJAN, INC., a Delaware Corporation,
`
`
`SOPHOS INC., a Massachusetts Corporation,
`
`Case No.: 14-cv-01197-SBA
`
`DECLARATION OF NENAD
`MEDVIDOVIC IN SUPPORT OF
`PLAINTIFF FINJAN, INC.’S OPENING
`CLAIM CONSTRUCTION BRIEF
`
`
`
`Judge: Hon. Saundra B. Armstrong
`
`
`
`
`
`Plaintiff,
`
`v.
`
`Defendant.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`____________________________________________________________________________________
`DECLARATION OF NENAD MEDVIDOVIC IN SUPPORT OF
`CASE NO. 14-cv-01197-SBA
`FINJAN’S OPENING CLAIM CONSTRUCTION BRIEF
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`Patent Owner Finjan, Inc. - Ex. 2033, p. 1
`
`

`
`Case4:14-cv-01197-SBA Document58-12 Filed12/01/14 Page2 of 19
`
`
`
`I, Nenad Medvidović, declare:
`
`1.
`
`I make this Declaration based upon my own personal knowledge, information, and
`
`belief, and I would and could competently testify to the matters set forth herein if called upon to do so.
`
`Qualifications
`
`2.
`
`I received a Bachelor of Science (“BS”) degree, Summa Cum Laude, from Arizona
`
`State University’s Computer Science and Engineering department.
`
`3.
`
`I received a Master of Science (“MS”) degree from the University of California at
`
`Irvine’s Information and Computer Science department.
`
`4.
`
`I received a Doctor of Philosophy (“PhD”) degree from the University of California at
`
`Irvine’s Information and Computer Science department. My dissertation was entitled, “Architecture-
`
`Based Specification-Time Software Evolution.”
`
`5.
`
`I am employed by the University of Southern California (“USC”) as a faculty member
`
`in the Computer Science Department, and have been since January 1999. I currently hold the title of
`
`Professor with tenure. Between January 2009 and January 2013, I served as the Director of the Center
`
`for Systems and Software Engineering at USC. Since July 2011, I have served as my Department’s
`
`Associate Chair for PhD Affairs.
`
`6.
`
`I am very familiar with and have substantial expertise in the area of software systems
`
`development / software engineering, software architecture, software design, and distributed systems.
`
`7.
`
`I have over twenty years of research experience that has spanned a wide range of issues
`
`pertaining to large, complex, distributed software systems. This research has included security and
`
`trust as significant components. As one example, my research has resulted in a new technique that
`
`deploys a software system on a set of distributed computers in a manner that optimizes that system’s
`
`“non-functional” characteristics, including efficiency, scalability, resource consumption, reliability, as
`
`1
`__________________________________________________________________________________
`
`DECLARATION OF NENAD MEDVIDOVIC IN SUPPORT OF
`CASE NO. 14-cv-01197-SBA
`FINJAN’S OPENING CLAIM CONSTRUCTION BRIEF
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`Patent Owner Finjan, Inc. - Ex. 2033, p. 2
`
`

`
`Case4:14-cv-01197-SBA Document58-12 Filed12/01/14 Page3 of 19
`
`
`
`well as security. As another example, motivated by the frequent vulnerability of distributed systems to
`
`malicious adversaries, I have developed, published, and eventually patented a novel technique for
`
`ensuring system security and data privacy in open computer networks. I have co-authored a widely
`
`adopted textbook on software system architectures, in which several chapters deal with the issue of
`
`security and one entire chapter is specifically dedicated to security and trust.
`
`Materials Reviewed
`
`8.
`
`I understand that the following patents are at issue in the litigation between Finjan and
`
`Sophos: U.S. Patent Nos. 6,154,844 (“the ‘844 Patent); 6,804,780 (“the ‘780 Patent”); 7,613,918 (“the
`
`‘918 Patent”); 7,613,926 (“the ‘926 Patent); 7,757,289 (“the ‘289 Patent”); 8,141,154 (“the ‘154
`
`Patent); 8,566,580 (“the ‘580 Patent”); and 8,677,494 (“the ‘494 Patent”) (collectively “Finjan
`
`Patents”). I also understand the Finjan and Sophos only have disputes regarding construction of the
`
`terms in the following Finjan Patents which I have reviewed in detail: U.S. Patent Nos. 6,154,844 (“the
`
`‘844 Patent); 7,613,918 (“the ‘918 Patent”); 7,613,926 (“the ‘926 Patent); 8,566,580 (“the ‘580
`
`Patent”); and 8,677,494 (“the ‘494 Patent”). I have also reviewed the prosecution history of the Finjan
`
`Patents.
`
`9.
`
`I understand that I am submitting this Declaration to assist the Court in determining the
`
`proper construction of certain terms used in the claims in the Finjan Patents. I have reviewed the Joint
`
`Claim Construction and Pre-Hearing Statement Pursuant to Patent Local Rule 4-3, which I understand
`
`Finjan and Sophos jointly submitted and set forth their respective proposed claim construction and
`
`support therefore. I have also reviewed the terms that I understand Finjan and Sophos selected for
`
`construction.
`
`2
`__________________________________________________________________________________
`
`DECLARATION OF NENAD MEDVIDOVIC IN SUPPORT OF
`CASE NO. 14-cv-01197-SBA
`FINJAN’S OPENING CLAIM CONSTRUCTION BRIEF
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`Patent Owner Finjan, Inc. - Ex. 2033, p. 3
`
`

`
`Case4:14-cv-01197-SBA Document58-12 Filed12/01/14 Page4 of 19
`
`
`
`Construction of the Terms
`
`10.
`
`I have reviewed Finjan’s and Sophos’s proposed constructions for the terms in the
`
`claims of the Finjan Patents. My understanding of a person of skill in the art is a person with a
`
`bachelor’s degree in computer science or related field, and either (1) two or more years of industry
`
`experience and/or (2) an advanced degree in computer science or related field.
`
`11.
`
`I understand that Finjan and/or Sophos have disputes regarding the constructions for the
`
`claims terms listed below:
`
`Construction of the Terms of the ‘844 Patent
`
`means for receiving a Downloadable
`
`i. means for receiving a Downloadable
`Claim Term
`Finjan’s Proposed
`Construction
`Governed by 35 U.S.C.
`§ 112(6):
`
`Function: receiving a
`Downloadable
`
`Structure:
`Downloadable file
`interceptor
`
`Sophos’s Proposed
`Construction
`Indefinite
`
`12.
`
`Based on my professional experience, a person of ordinary skill in the art would
`
`understand that the element “means for receiving a Downloadable” describes an element with the
`
`function of “receiving a Downloadable,” as unambiguously stated in the claim. A person of ordinary
`
`skill in that art would easily be able to ascertain this is the function associated with this element
`
`because the claim sets forth a clear function with reasonable certainty. Specifically, the function is
`
`found after the “for” clause in the claim term.
`
`13.
`
`I understand that in order to determine the proper function for the claim term, a person
`
`of skill in the art must look to the specification to find the structure that performs the function recited
`
`in the claim. Based on my professional experience, a person of ordinary skill in the art would
`
`3
`__________________________________________________________________________________
`
`DECLARATION OF NENAD MEDVIDOVIC IN SUPPORT OF
`CASE NO. 14-cv-01197-SBA
`FINJAN’S OPENING CLAIM CONSTRUCTION BRIEF
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`Patent Owner Finjan, Inc. - Ex. 2033, p. 4
`
`

`
`Case4:14-cv-01197-SBA Document58-12 Filed12/01/14 Page5 of 19
`
`
`
`understand that the ‘844 Patent discloses that the function of “receiving a Downloadable” is performed
`
`by the “Downloadable file interceptor.” The ‘844 Patent discloses that “[m]ethod 700 begins with the
`
`Downloadable file interceptor 505 in step 705 receiving a Downloadable file” and “[t]he generic
`
`protection engine 500 includes a Downloadable file interceptor 505 for intercepting incoming
`
`Downloadables (i.e., Downloadable files) for inspection….” ‘844 Patent, Col. 9, ll. 21-22;Col. 7,
`
`ll.44-46. As shown from these passages, the structure for intercepting an incoming Downloadable is a
`
`Downloadable file interceptor. Thus, there is no ambiguity and a person of skill in the art would be
`
`reasonably certain that the structure disclosed in the ‘844 Patent as performing the recited function is a
`
`“Downloadable file interceptor.”
`
`14.
`
`As a person of ordinary skill in the art would be able to determine the proper function
`
`and structure of this element with a reasonable certainty when the claim is read in light of the
`
`specification and prosecution history. I disagree with Sophos’s assertion that the element is indefinite.
`
`Claim Term
`
`means for generating a first
`Downloadable security profile that
`identifies suspicious code in the received
`Downloadable
`
`Sophos’s Proposed
`Construction
`Indefinite
`
`ii. means for generating a first Downloadable security profile that identifies
`suspicious code in the received Downloadable
`Finjan’s Proposed
`Construction
`Governed by 35 U.S.C.
`§ 112(6):
`Function: generating a
`first Downloadable
`security profile that
`identifies suspicious code
`in the received
`Downloadable
`
`Structure: content
`inspection engine
`
`15.
`
`Based on my professional experience, a person of ordinary skill in the art would
`
`understand that the element “means for generating a first Downloadable security profile that identifies
`
`suspicious code in the received Downloadable” describes an element with the function of “generating a
`
`4
`__________________________________________________________________________________
`
`DECLARATION OF NENAD MEDVIDOVIC IN SUPPORT OF
`CASE NO. 14-cv-01197-SBA
`FINJAN’S OPENING CLAIM CONSTRUCTION BRIEF
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`Patent Owner Finjan, Inc. - Ex. 2033, p. 5
`
`

`
`Case4:14-cv-01197-SBA Document58-12 Filed12/01/14 Page6 of 19
`
`
`
`first Downloadable security profile that identifies suspicious code in the received Downloadable.” The
`
`claim language unambiguously states the proper function and person of ordinary skill in that art would
`
`easily be able to ascertain this is the function associated with this element because the claim sets forth
`
`a clear function with reasonable certainty. Like the previous element, the function is recited in the
`
`claim after the “for” clause.
`
`16.
`
`Because this is another means-plus-function term, I understand that one of skill must
`
`look to the specification to determine the proper structure of the recited function in the claim. Based
`
`on my professional experience, a person of ordinary skill in the art would understand that the ‘844
`
`Patent discloses that the function of “generating a first Downloadable security profile that identifies
`
`suspicious code in the received Downloadable” is performed by the “content inspection engine.” The
`
`‘844 Patent discloses that “a content inspection engine [] uses a set of rules to generate a
`
`Downloadable security profile corresponding to a Downloadable” and “a local content inspection
`
`engine 525 generates a [Downloadable security profile]” ‘844 Patent, Abstract, Col. 7, ll. 62-63.
`
`Further establishing that the content inspection engine is the correct structure is that the ‘844 Patent
`
`identifies that the Downloadable security profile “preferably includes a list of potentially hostile or
`
`suspicious computer operations,” and may include the “respective arguments of these operations”
`
`which matches the language in the claims of identifying suspicious code in the Downloadable. ‘844
`
`Patent, Col. 4, ll. 4-7. As shown from these passages, a person of ordinary skill in the art would
`
`understand with reasonable certainty that the structure that performs the function of “generating a first
`
`Downloadable security profile that identifies suspicious code in the received Downloadable” is the
`
`“content inspection engine.”
`
`5
`__________________________________________________________________________________
`
`DECLARATION OF NENAD MEDVIDOVIC IN SUPPORT OF
`CASE NO. 14-cv-01197-SBA
`FINJAN’S OPENING CLAIM CONSTRUCTION BRIEF
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`Patent Owner Finjan, Inc. - Ex. 2033, p. 6
`
`

`
`Case4:14-cv-01197-SBA Document58-12 Filed12/01/14 Page7 of 19
`
`
`
`17.
`
`As a person of ordinary skill in the art would be able to determine the proper function
`
`and structure of this element with a reasonable certainty when the claim is read in light of the
`
`specification and prosecution history. I disagree with Sophos’s assertion that the element is indefinite.
`
`Claim Term
`
`means for linking the first Downloadable
`security profile to the Downloadable
`before a web server makes the
`Downloadable available to web clients
`
`iii. means for linking the first Downloadable security profile to the Downloadable
`before a web server makes the Downloadable available to web clients
`Finjan’s Proposed
`Sophos’s Proposed
`Construction
`Construction
`Indefinite
`Governed by 35 U.S.C.
`§ 112(6):
`
`Function: linking the
`first Downloadable
`security profile to the
`Downloadable before a
`web server makes the
`Downloadable available
`to web clients
`
`Structure: content
`inspection engine
`
`18.
`
`Based on my professional experience, a person of ordinary skill in the art would
`
`understand that the element “means for linking the first Downloadable security profile to the
`
`Downloadable before a web server makes the Downloadable available to web clients” describes an
`
`element with the function of “linking the first Downloadable security profile to the Downloadable
`
`before a web server makes the Downloadable available to web clients.” As with the previous means-
`
`plus-function elements, the claim unambiguously states that the function in this element is found after
`
`the “for” clause. Thus, a person of ordinary skill in that art would easily be able to ascertain the
`
`function associated with this element with reasonable certainty by merely observing the claim
`
`language.
`
`19.
`
`It is my understanding that once the function is identified, one of skill in the art must
`
`look to the specification in order to determine the proper structure for performing the function. Based
`
`6
`__________________________________________________________________________________
`
`DECLARATION OF NENAD MEDVIDOVIC IN SUPPORT OF
`CASE NO. 14-cv-01197-SBA
`FINJAN’S OPENING CLAIM CONSTRUCTION BRIEF
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`Patent Owner Finjan, Inc. - Ex. 2033, p. 7
`
`

`
`Case4:14-cv-01197-SBA Document58-12 Filed12/01/14 Page8 of 19
`
`
`
`on my professional experience, a person of ordinary skill in the art would understand that the ‘844
`
`Patent discloses that the function of “linking the first Downloadable security profile to the
`
`Downloadable before a web server makes the Downloadable available to web clients” is performed by
`
`the “content inspection engine” disclosed in the ‘844 Patent. Generally, when users enter a URL into
`
`their browser, a request is sent to the URL’s web server, which provides requested web pages. The
`
`‘844 Patent discloses scenarios where a web server provides web pages to web clients that request web
`
`content. ‘844 Patent at Col. 5, l. 5-13; Col. 10, l. 24-65. The ‘844 Patent also explains that such
`
`content may include hostile Downloadables. ‘844 Patent at Col. 5, l. 5-13. In order to provide
`
`protection against hostile Downloadables, the ‘844 Patent discloses a content inspection engine that
`
`will retrieve and generate a Downloadable security profile for such content. ‘844 Patent at Col. 4, l.
`
`35-57. The ‘844 Patent further describes that in order to protect a user from malicious Downloadables,
`
`“[t]he first content inspection engine may link to the Downloadable … [and] [a]dditional content
`
`inspection engines may generate and link additional Downloadable security profiles to the
`
`Downloadable.” ‘844 Patent, Abstract; see also id. at Col. 3, l. 66-Col. 4, l. 4; Col. 8, ll. 49-51; Col. 6,
`
`ll. 18-21. The specification explains that such “linking” is used to indicate an association between the
`
`Downloadable and the DSP” and provides numerous examples, including “the DSP 215 can be stored
`
`in the network system 100, and alternatively a pointer to the DSP 215 can be attached to the signed
`
`inspected Downloadable.” See id. Such linking provides protection against malicious Downloadables
`
`because the system has generated a profile for the Downloadable. ‘844 Patent at Col. 3, l. 2-7. Such
`
`linking also creates efficiencies because the system avoids the need to generate Downloadable security
`
`profiles for previously inspected content. Instead, the system reuses the previously generated profile.
`
`‘844 Patent at Col. 3, l. 2-7. In other words, a web server can be prevented from making a hostile
`
`Downloadable available to web clients based on a security profile that was previously linked by the
`
`7
`__________________________________________________________________________________
`
`DECLARATION OF NENAD MEDVIDOVIC IN SUPPORT OF
`CASE NO. 14-cv-01197-SBA
`FINJAN’S OPENING CLAIM CONSTRUCTION BRIEF
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`Patent Owner Finjan, Inc. - Ex. 2033, p. 8
`
`

`
`Case4:14-cv-01197-SBA Document58-12 Filed12/01/14 Page9 of 19
`
`
`
`content inspection engine to that Downloadable. ‘844 Patent at Col. 9, l. 31-Col. 10, l. 23. Because
`
`the ‘844 Patent discloses that the content inspection engine generates and links security profiles to
`
`Downloadables, the proper structure for this function is the content inspection engine.
`
`20.
`
`As a person of ordinary skill in the art would be able to determine the proper function
`
`and structure of this element with a reasonable certainty when the claim is read in light of the
`
`specification and prosecution history. I disagree with Sophos’s assertion that the element is indefinite.
`
`Construction of the Terms of the ‘918 Patent
`
`i. CODE-C
`Claim Term
`
`CODE-C
`
`Finjan’s Proposed
`Construction
`combined code
`
`Sophos’s Proposed
`Construction
`combined code created
`at the gateway computer
`
`21.
`
`Based on my professional experience, a person of ordinary skill in the art would
`
`understand the meaning of the terms “CODE-C” as it is used in the claims of the ‘918 Patent and in
`
`view of the ‘918 Patent as “combined code.” CODE-C is used in the ‘918 Patent to describe the
`
`combination of an “information about the computer account,” CODE-A and CODE-B. Claim 12
`
`describes:
`
`12. A computer security system for a gateway computer, comprising:
`
` a
`
` receiver for receiving content including potentially malicious executable code
`("CODE-A"), intended for downloading at a client computer, wherein the client
`computer manages a plurality of computer accounts for logging in to the client
`computer, and wherein each computer account of the plurality of computer
`accounts has associated therewith a security context within which an executable
`running on the client computer under such account is processed;
`
` a
`
` code profiler, coupled with said receiver, for scanning CODE-A and deriving a
`profile thereof;
`
` a
`
` security context generator, coupled with said code profiler, for determining,
`based on the profile of CODE-A derived by said profiler, an appropriate
`computer account from among the plurality of computer accounts, under which
`CODE-A may be processed by the client computer;
`
`8
`__________________________________________________________________________________
`
`DECLARATION OF NENAD MEDVIDOVIC IN SUPPORT OF
`CASE NO. 14-cv-01197-SBA
`FINJAN’S OPENING CLAIM CONSTRUCTION BRIEF
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`Patent Owner Finjan, Inc. - Ex. 2033, p. 9
`
`

`
`Case4:14-cv-01197-SBA Document58-12 Filed12/01/14 Page10 of 19
`
` a
`
` code packager, coupled with said security context generator, for packaging (i)
`information about the computer account determined by said security context
`generator and (ii) CODE-A, with (iii) executable wrapper code ("CODE-B"),
`into a combined code ("CODE-C"); and
`
` a
`
` transmitter, coupled with said code packager, for forwarding CODE-C to the
`client computer for processing.
`
`As shown, CODE-C is explicitly defined as the “combined code” of “information about
`
`
`
`22.
`
`the computer account”, CODE-A and CODE-B. This understanding is further supported by the
`
`specification of the ‘918 Patent, where CODE-C is described as “combining (i) information about the
`
`determined computer account name and (ii) CODE-A, with executable wrapper code (“CODE-B”) into
`
`combined code (“CODE-C”).” ‘918 Patent, Abstract; See also Col. 10, ll. 6-7 (“After embedding
`
`CODE-A within CODE-B, the combined file, CODE-C, is forwarded.”). Thus, CODE-C is defined as
`
`“combined code” in the specification and claim.
`
`23.
`
`I disagree with Sophos’s construction to the extent it requires that CODE-C be
`
`combined code “created at the gateway computer.” There is nothing in the specification requiring a
`
`gateway computer to create the combined code. The ‘918 Patent discloses embodiments where a
`
`gateway computer does not create the CODE-C, and would allow different network components
`
`besides a network gateway to make the CODE-C. For example, claim 12 states in the preamble “[a]
`
`computer security system for a gateway computer,” but claim 22 does not mention a gateway and is
`
`directed more generically to a “method for computer security,” without any mention of the gateway.
`
`Requiring CODE-C to be created at a gateway computer is also inconsistent with the specification,
`
`which mentions several embodiments that are not required to be at a gateway computer, and the first
`
`preferred embodiment does not recite the use of a gateway:
`
`There is thus provided in accordance with a preferred embodiment of the present
`invention a method for computer security, including receiving content including
`potentially malicious executable code (“CODE-A”), intended for down loading
`
`9
`__________________________________________________________________________________
`
`DECLARATION OF NENAD MEDVIDOVIC IN SUPPORT OF
`CASE NO. 14-cv-01197-SBA
`FINJAN’S OPENING CLAIM CONSTRUCTION BRIEF
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`Patent Owner Finjan, Inc. - Ex. 2033, p. 10
`
`

`
`Case4:14-cv-01197-SBA Document58-12 Filed12/01/14 Page11 of 19
`
`
`
`at a client computer, scanning CODE-A to derive a profile thereof, determining,
`based on the derived profile of CODE-A, an appropriate computer account from
`among a plurality of computer accounts, under which CODE-A may be
`processed by the client computer, wherein each computer account of the
`plurality of computer accounts has associated therewith a security context within
`which an executable run under such account is processed, combining (i)
`information about the determined computer account name and (ii) CODE A,
`with (iii) executable wrapper code (“CODE-B”) into combined code (“CODE-
`C”), and forwarding CODE-C to the client computer for processing.
`
`
`‘918 Patent, Col. 4, ll. 10-25 (emphasis added).
`
`
`24.
`
`This contrasts with other preferred embodiments that are disclosed as operating at the
`
`gateway—“There is further provided in accordance with a preferred embodiment for the present
`
`invention a computer security system for a gateway computer.” ‘918 Patent, Col. 4, ll. 26-28. The
`
`disclosure of embodiments both at the gateway and those not required to be at the gateway shows that
`
`the ‘918 Patent contemplated both gateway and non-gateway embodiments. Thus, requiring that the
`
`CODE-C is “created at the gateway computer” reads out embodiments disclosed in the specification of
`
`the ‘918 Patent.
`
`25.
`
`As such, Finjan’s proposed construction is the correct construction because it is
`
`consistent with the specification and claims, and does not read out embodiments disclosed in the
`
`specification of the ‘918 Patent. Sophos’s proposed construction is incorrect because it reads out
`
`embodiments not located at the gateway.
`
`ii. Security Context
`Claim Term
`
`security context
`
`Finjan’s Proposed
`Construction
`Plain and ordinary
`meaning.
`
`Sophos’s Proposed
`Construction
`an environment in
`which a software
`application is run, which
`may limit resources that
`the application is
`permitted to access or
`operations that the
`application is permitted
`to perform
`
`10
`__________________________________________________________________________________
`
`DECLARATION OF NENAD MEDVIDOVIC IN SUPPORT OF
`CASE NO. 14-cv-01197-SBA
`FINJAN’S OPENING CLAIM CONSTRUCTION BRIEF
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`Patent Owner Finjan, Inc. - Ex. 2033, p. 11
`
`

`
`Case4:14-cv-01197-SBA Document58-12 Filed12/01/14 Page12 of 19
`
`
`
`26.
`
`Based on my professional experience, a person of ordinary skill in the art would
`
`understand the meaning of the phrase “security context” without any further construction because the
`
`term is already defined within the claims of the ‘918 Patent. For example, Claim 12 describes:
`
`12. A computer security system for a gateway computer, comprising:
`
` a
`
` receiver for receiving content including potentially malicious executable code
`("CODE-A"), intended for downloading at a client computer, wherein the client
`computer manages a plurality of computer accounts for logging in to the client
`computer, and wherein each computer account of the plurality of computer
`accounts has associated therewith a security context within which an executable
`running on the client computer under such account is processed;
`
` a
`
` code profiler, coupled with said receiver, for scanning CODE-A and deriving a
`profile thereof;
`
` a
`
` security context generator, coupled with said code profiler, for determining,
`based on the profile of CODE-A derived by said profiler, an appropriate
`computer account from among the plurality of computer accounts, under which
`CODE-A may be processed by the client computer;
`
` a
`
` code packager, coupled with said security context generator, for packaging (i)
`information about the computer account determined by said security context
`generator and (ii) CODE-A, with (iii) executable wrapper code ("CODE-B"),
`into a combined code ("CODE-C"); and
`
` a
`
` transmitter, coupled with said code packager, for forwarding CODE-C to the
`client computer for processing.
`
`As shown above, the claims of the ‘918 Patent already describe that as “each computer
`
`27.
`
`account of the plurality of computer accounts has associated therewith a security context within which
`
`an executable running on the client computer under such account is processed.” As such, claim 12
`
`already defines security context as (1) associated with a computer account and (2) that the executable
`
`runs within the security context and under the associated account. Nothing in the intrinsic record
`
`would require a narrower interpretation then already set forth in this claim language.
`
`28.
`
`The description provided in the claims is consistent with the use of the term in the
`
`specification, which states “[t]he present invention makes use of restricted security contexts that are
`
`11
`__________________________________________________________________________________
`
`DECLARATION OF NENAD MEDVIDOVIC IN SUPPORT OF
`CASE NO. 14-cv-01197-SBA
`FINJAN’S OPENING CLAIM CONSTRUCTION BRIEF
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`Patent Owner Finjan, Inc. - Ex. 2033, p. 12
`
`

`
`Case4:14-cv-01197-SBA Document58-12 Filed12/01/14 Page13 of 19
`
`
`
`associated within certain user/group computer accounts, such as guest accounts. Specifically, the
`
`present invention ensures that suspicious content is processed with a restricted security context on a
`
`client computer, by running such content under an appropriate user/group computer account.” ‘918
`
`Patent, Col. 4, ll. 3-9. The claims use the term in a manner consistent with the specification, providing
`
`further evidence that the description and usage of the term in the claim is correct.
`
`29.
`
`Sophos’s proposed construction is unnecessary because the claims already define the
`
`term. Sophos’s proposed construction includes the added language that the security context “may limit
`
`resources that the application is permitted to access or operation that the application is permitted to
`
`perform.” However, there is no statement in the specification that the invention requires the security
`
`context to limit resources. As such, there is no need to include the language in the proposed
`
`construction because it adds limitations to the claims that are not required by the intrinsic record.
`
`Construction of the Terms of the ‘926 Patent and ‘494 Patent
`
`i. database
`Claim Term
`
`database
`
`Sophos’s Proposed
`Construction
`no construction
`necessary
`
`Finjan’s Proposed
`Construction
`a collection of
`interrelated data
`organized according to a
`database schema to
`serve one or more
`applications
`
`30.
`
`Based on my professional experience, a person of ordinary skill in the art would
`
`understand the meaning of the term “database” consistently with the commonly understood definition
`
`of the term. The readily understood meaning of “database” is “a collection of interrelated data
`
`organized according to a database schema to serve one or more applications.” There is nothing in the
`
`intrinsic record of the asserted patents which require a departure from this commonly understood
`
`meaning.
`
`12
`__________________________________________________________________________________
`
`DECLARATION OF NENAD MEDVIDOVIC IN SUPPORT OF
`CASE NO. 14-cv-01197-SBA
`FINJAN’S OPENING CLAIM CONSTRUCTION BRIEF
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`Patent Owner Finjan, Inc. - Ex. 2033, p. 13
`
`

`
`Case4:14-cv-01197-SBA Document58-12 Filed12/01/14 Page14 of 19
`
`
`
`31.
`
`A person of ordinary skill in the art would understand that the term “database” as used
`
`in the ‘918 and ‘494 Patents means “a collection of interrelated data organized according to a database
`
`schema to serve one or more application.” A database refers to structured data organized for use and
`
`retrieval for other applications. The “database schema” of a database describes how the data stored
`
`within the database is organized. This allows other applications to use a database to access this data.
`
`The ‘494 Patent describes this when it states that “[t]he security program 255 operates in conjunction
`
`with the security database 240, which includes security policies 305, known Downloadables 307,
`
`known Certificates 309 and Downloadable Security Profile (DSP) data 310 corresponding to the
`
`known Downloadables 307.” ‘780 Patent, Col. 4, ll. 23-27.1 The ‘494 Patent further provides that the
`
`DSP data 310 stored in the security database 240 is used by other applications, for example, “[i]f the
`
`DSP data 310 of the received Downloadable is known, the code scanner 325 retrieves and forwards the
`
`information to the ACL comparator 330.” ‘780 Patent, Col. 5, ll. 48-52. This is just one example of
`
`how the ‘918 and ‘494 Patents describe a database that actively uses structured data in a manner that is
`
`consistent with the normally understood meaning of the term.
`
`32.
`
`I understand that Sophos has equated a