Case 3:13 -cv- 05808 -HSG Document 142 -1 Filed 05/01/15 Page 1 of 24
`
`PAUL J. ANDRE (State Bar No. 196585)
`pandre@lcramerlevin.com
`LISA KOBIALKA (State Bar No. 191404)
`lkobialka@kramerlevin.com
`JAMES HANNAH (State Bar No. 237978)
`jharmah @kramerlevin.com
`KRAMER LEVIN NAFTALIS & FRANKEL LLP
`990 Marsh Road
`Menlo Park, CA 94025
`Telephone: (650) 752 -1700
`Facsimile: (650) 752 -1800
`
`Attorneys for Plaintiff'
`FINJAN, INC.
`
`IN THE UNITED STATES DISTRICT COURT
`
`FOR THE NORTHERN DISTRICT OF CALIFORNIA
`
`SAN FRANCISCO DIVISION
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`FINJAN, INC.,
`
`Case No.: 5:13 -cv- 05808 -HSG
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`Plaintiff,
`
`v.
`
`PROOFPOINT, INC. and ARMORIZE
`TECHNOLOGIES, INC.,
`
`Defendants.
`
`DECLARATION OF NENAD
`MEDVIDOVIC IN SUPPORT OF
`FINJAN'S OPENING CLAIM
`CONSTRUCTION BRIEF
`
`Date:
`Time:
`Courtroom:
`Judge:
`
`June 24, 2015
`10:00 AM
`Courtroom 15, 18th Floor
`Hon. Haywood S. Gilliam, Jr.
`
`DECLARATION OF NENAD MEDVIDOVIC IN SUPPORT
`OF FINJAN'S OPENNIG CLAIM CONSTRUCTION BRIEF
`
`CASE NO. 5:13 -cv- 05808 -HSG
`
`www.usroeoox.com
`
`0 r EXHIBIT
`Datetgptr_
`
`Deponen
`
`t
`
`Palo Alto Networks, Inc. - Exhibit 1041
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2015-01979
`
`

`
`Case 3:13 -cv- 05808 -HSG Document 142 -1 Filed 05/01/15 Page 2 of 24
`
`I, Nenad Medvidovic, declare:
`
`1.
`
`I make this Declaration based upon my own personal knowledge, information, and
`
`belief, and I would and could competently testify to the matters set forth herein if called upon to do so.
`
`Qualifications
`
`2.
`
`I received a Bachelor of Science ("BS") degree, Summa Cum Laude, from Arizona
`
`State University's Computer Science and Engineering department.
`
`3.
`
`I received a Master of Science ( "MS ") degree from the University of California at
`
`Irvine's Information and Computer Science department.
`
`4.
`
`I received a Doctor of Philosophy ( "PhD ") degree from the University of California at
`
`Irvine's Information and Computer Science department. My dissertation was entitled, "Architecture -
`
`Based Specification -Time Software Evolution."
`
`5.
`
`I am employed by the University of Southern California ( "USC ") as a faculty member
`
`in the Computer Science Department, and have been since January 1999. I currently hold the title of
`
`Professor with tenure. Between January 2009 and January 2013, I served as the Director of the Center
`
`for Systems and Software Engineering at USC. Since July 2011, I have served as my Department's
`
`Associate Chair for PhD Affairs
`
`6.
`
`I am very familiar with and have substantial expertise in the area of software systems
`
`development / software engineering, software architecture, software design, and distributed systems.
`
`7.
`
`I have over twenty years of research experience that has spanned a wide range of issues
`
`pertaining to large, complex, distributed software systems. This research has included security and
`
`trust as significant components. As one example, my research has resulted in a new technique that
`
`deploys a software system on a set of distributed computers in a manner that optimizes that system's
`
`"non -functional" characteristics, including efficiency, scalability, resource consumption, reliability, as
`
`DECLARATION OF NENAD MEDVIDOVIC IN SUPPORT
`OF FINJAN'S OPENNIG CLAIM CONSTRUCTION BRIEF
`
`CASE NO. 5:13 -cv- 05808 -HSG
`
`1
`
`Palo Alto Networks, Inc. - Exhibit 1041
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2015-01979
`
`

`
`Case 3:13 -cv- 05808 -HSG Document 142 -1 Filed 05/01/15 Page 3 of 24
`
`well as security. As another example, motivated by the frequent vulnerability of distributed systems to
`
`malicious adversaries, I have developed, published, and eventually patented a novel technique for
`
`ensuring system security and data privacy in open computer networks. I have co- authored a widely
`
`adopted textbook on software system architectures, in which several chapters deal with the issue of
`
`security and one entire chapter is specifically dedicated to security and trust.
`
`Materials Reviewed
`
`8.
`
`I have reviewed in detail U.S. Patent Nos. 6,154,844 ( "the `844 Patent "); 7,058,822
`
`( "the `822 Patent "); 7,613,918 ( "the `918 Patent "); 7,647,633 ( "the `633 Patent "); 7,975,305 ( "the `305
`
`Patent "); 8,079,086 ( "the `086 Patent "); 8,141,154 ( "the `154 Patent "); and 8,225,408 ( "the `408
`
`Patent "); (collectively "Finjan Patents "). Declaration of James Hannah in Support of Finjan's Opening
`
`Claim Construction Brief ( "Hannah Decl. ") filed herewith, Exs. 1 -8. I have also reviewed the
`
`prosecution history of the Finjan Patents.
`
`9.
`
`I understand that I am submitting this Declaration to assist the Court in determining the
`
`proper construction of certain terms used in the claims in the Finjan Patents. I have reviewed the Joint
`
`Claim Construction and Pre -Hearing Statement Pursuant to Patent Local Rule 4 -3, which I understand
`
`was submitted jointly by Finjan and Defendants and sets forth their respective proposed claim
`
`construction and support therefore. I have also reviewed the terms that I understand were selected by
`
`Finjan and Defendants for construction.
`
`Construction of the Terms
`
`10.
`
`I have reviewed Finjan's and Defendants' proposed constructions for the terms in the
`
`claims of the Finjan Patents. Based on my experience, the Finjan Patents and the file histories of the
`
`Finjan Patent, my opinion of a person of skill in the art is a person with a bachelor's degree in
`
`DECLARATION OF NENAD MEDVIDOVIC IN SUPPORT
`OF FINJAN'S OPENNIG CLAIM CONSTRUCTION BRIEF
`
`CASE NO. 5:13 -cv- 05808 -HSG
`
`2
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`Palo Alto Networks, Inc. - Exhibit 1041
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2015-01979
`
`

`
`Case 3:13 -cv- 05808 -HSG Document 142 -1 Filed 05/01/15 Page 4 of 24
`
`computer science or related field, and either (1) two or more years of industry experience and /or (2) an
`
`1
`
`advanced degree in computer science or related field.
`
`11.
`
`I understand that Finjan and /or Defendants have disputes regarding the constructions for
`
`the claims terms listed below:
`
`a) Construction of the Terms of the `822 Patent and `633 Patent
`
`12.
`
`I address the terms for the `822 Patent and `633 Patent together, as the patents are
`
`related and share a specification. I understand that Finjan and/or Defendants have disputes regarding
`
`the constructions for the claims terms listed below:
`
`Claim Term
`
`mobile protection code
`
`receiving means for receiving, at an
`information re- communicator,
`downloadable- information, including
`executable code
`
`mobile code means communicatively
`coupled to the receiving means for causing
`mobile protection code to be executed by
`a mobile code executor at a downloadable-
`information destination
`
`Finjan's Proposed
`Construction
`code capable of
`monitoring or
`intercepting potentially
`malicious code
`
`Defendants' Proposed
`Construction
`code communicated to at
`least one information -
`destination that, at
`runtime, monitors or
`intercepts actually or
`potentially malicious
`code operations
`
`Governed by 35 U.S.C.
`§ 112(6):
`
`Governed by 35 U.S.C. §
`112(6):
`
`Function: receiving
`downloadable
`information
`
`Structure: information
`re- communicator
`
`Function: receiving
`downloadable-
`information, including
`executable code
`Structure: the algorithm
`disclosed in col. 6, 1. 56 -
`col. 9,1. 62 and Figs la-
`c, 2,3
`
`Governed by 35 U.S.C.
`§ 112(6):
`
`Governed by 35 U.S.C. §
`112(6):
`
`Function: causing
`mobile protection code
`to be executed by a
`mobile code executor at
`
`Function:
`communicatively
`coupled to the receiving
`
`3
`
`DECLARATION OF NENAD MEDVIDOVIC IN SUPPORT
`OF FINJAN'S OPENNIG CLAIM CONSTRUCTION BRIEF
`
`CASE NO. 5:13 -cv- 05808 -HSG
`
`Palo Alto Networks, Inc. - Exhibit 1041
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2015-01979
`
`

`
`Case 3:13 -cv- 05808 -HSG Document 142 -1 Filed 05/01/15 Page 5 of 24
`
`Structure: packaging
`engine
`
`a downloadable-
`means, and causing
`information destination mobile protection code to
`be executed by a mobile
`code executor at a
`downloadable-
`information destination
`such that one or more
`operations of the
`executable code at the
`destination, if attempted,
`will be processed by the
`mobile protection code
`Structure: the algorithm
`disclosed in Figs 7a, 7b
`and 8, and at col. 17,1.
`34
`col. 18,1. 34
`
`information -destination/downloadable -
`information destination
`
`No construction
`necessary -Plain and
`ordinary meaning
`
`a user computer that
`receives and initiates (or
`otherwise hosts)
`execution of the
`downloadable
`information
`
`(1) mobile protection code
`
`13.
`
`Based on my professional experience, a person of ordinary skill in the art would
`
`understand the meaning of the term "mobile protection code" in view of the specification of the `822
`
`Patent as "code capable of monitoring or intercepting potentially malicious code." While Mobile
`
`Protection Code is not a term typically used in the art, the meaning of the term is described in the `822
`
`Patent. Finjan's proposed construction is correct because it is consistent with the intrinsic record of the
`
``822 Patent. For example, the `822 Patent states that: "[t]he sandboxed package includes mobile
`
`protection code ( "MPC ") for causing one or more predetermined malicious operations or operation
`
`combinations of a Downloadable to be monitored or otherwise intercepted." `822 Patent, Col. 3, 11. 6-
`
`10; `633 Patent, Col. 3, 11. 7 -11. Finjan's proposed construction is also accurate in that it requires the
`
`intercepting to be of "potentially malicious code," consistent with the purpose of the mobile protection
`
`4
`DECLARATION OF NENAD MEDVIDOVIC IN SUPPORT
`OF FINJAN'S OPENNIG CLAIM CONSTRUCTION BRIEF
`
`CASE NO. 5:13 -cv- 05808 -HSG
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`Palo Alto Networks, Inc. - Exhibit 1041
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2015-01979
`
`

`
`Case 3:13 -cv- 05808 -HSG Document 142 -1 Filed 05/01/15 Page 6 of 24
`
`code for protection and security. See 822 and `633 Patents, Abstract ( "Protection systems and
`
`methods provide for protecting one or more personal computers ( "PCs ") and /or other intermittently or
`
`persistently network accessible devices or processes from undesirable or otherwise malicious
`
`operations ... ").
`
`14.
`
`Defendants' proposed construction of mobile protection code as "code communicated to
`
`at least one information- destination that, at runtime, monitors or intercepts actually or potentially
`
`malicious code operations" adds additional limitations and misconstrues the term. Defendants'
`
`proposed construction adds the limitation that the mobile protection code is "code communicated to at
`
`least one information- destination." This limitation is not is incorrect because Claim 14 of `633 Patent
`
`does not require mobile protection code to be communicated to a downloadable- information
`
`destination. Defendants' construction would add a new limitation. Thus, a person of ordinary skill in
`
`the art would understand that mobile protection code is not necessarily communicated and therefore I
`
`disagree with Defendants' construction.
`
`15.
`
`Furthermore, there is no requirement that "runtime" be added to the construction of the
`
`term. Indeed, the specification states that mobile protection code can be created on a separate gateway
`
`or computer before any executable is run. `822 Patent, Col. 10, 11. 52 -54; id., Col. 11, 11. 6 -10 ( "In
`
`accordance with a further aspect of the invention, it is found that improved efficiency can also be
`
`achieved by causing the MPC to be executed within a Downloadable- destination in conjunction with,
`
`and further, prior to initiation of the detected Downloadable."); id., Col. 20, 11. 21 -32. Furthermore,
`
`nothing in the specification or prosecution history indicates that the term was defined in the narrow
`
`manner advocated by Defendants.
`
`DECLARATION OF NENAD MEDVIDOVIC IN SUPPORT
`OF FINJAN'S OPENNIG CLAIM CONSTRUCTION BRIEF
`
`CASE NO. 5:13 -cv- 05808 -HSG
`
`5
`
`Palo Alto Networks, Inc. - Exhibit 1041
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2015-01979
`
`

`
`Case 3:13 -cv- 05808 -HSG Document 142 -1 Filed 05/01/15 Page 7 of 24
`
`(2) receiving means for receiving, at an information re- communicator, downloadable-
`information, including executable code
`
`16.
`
`Based on my professional experience, a person of ordinary skill in the art would
`
`understand the function of the term "receiving means for receiving, at an information re-
`
`communicator, downloadable- information, including executable code" is "receiving downloadable
`
`information" and the structure is "information re- communicator."
`
`17.
`
`I understand that in order to determine the proper function for the claim term, a person
`
`of skill in the art must look to the specification to find the structure that performs the function recited
`
`in the claim. Based on my professional experience, a person of ordinary skill in the art would
`
`understand that claim 28 of the `822 Patent discloses that the function of "receiving ... downloadable-
`
`information" is performed by the "information re- communicator." The `822 Patent discloses that
`
`"[e]mbodiments provide, within one or more `servers' (e.g. firewalls, resources, gateways, email relays
`
`or other information re- communicating devices), for receiving downloadable- information...." `822
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`Patent, Col. 5, 11. 34 -37 (emphasis added). As shown from the specification and the claim language
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`itself, the structure for receiving downloadable information is an information re- communicator.
`
`18.
`
`Defendants' proposed function has the phrase "including executable code." That
`
`additional phrase is not necessary and in my opinion would not help the fact -finder because it is
`
`already stated in the claim.
`
`19.
`
`Defendants' structure is incorrect as well. It is clear from the claim language itself and
`
`described above that the "information re- communicator" is the proper structure for "receiving
`
`23
`
`downloadable information." Indeed, Defendants fail to identify any particular structure. Thus
`
`24
`
`25
`
`26
`
`27
`
`28
`
`Defendants' function and structure for this means -plus -function element are incorrect.
`
`DECLARATION OF NENAD MEDVIDOVIC IN SUPPORT
`OF FINJAN'S OPENNIG CLAIM CONSTRUCTION BRIEF
`
`CASE NO. 5:13 -cv- 05808 -HSG
`
`6
`
`Palo Alto Networks, Inc. - Exhibit 1041
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2015-01979
`
`

`
`Case 3:13 -cv- 05808 -HSG Document 142 -1 Filed 05/01/15 Page 8 of 24
`
`(3) mobile code means communicatively coupled to the receiving means for causing
`mobile protection code to be executed by a mobile code executor at a
`downloadable- information destination
`
`20.
`
`Based on my professional experience, a person of ordinary skill in the art would
`
`understand the function of the term "mobile code means communicatively coupled to the receiving
`
`means for causing mobile protection code to be executed by a mobile code executor at a
`
`downloadable- information destination" is "causing mobile protection code to be executed by a mobile
`
`code executor at a downloadable- information destination" and the structure is "packaging engine."
`
`21.
`
`I understand that in order to determine the proper function for the claim term, a person
`
`of skill in the art must look to the specification to find the structure that performs the function recited
`
`in the claim. Here, the claim language itself informs the structure and function of the means -plus-
`
`function term.
`
`...mobile code means communicatively coupled to the receiving means
`for causing mobile protection code to be executed by a mobile code
`executor at a downloadable- information destination such that one or more
`operations of the executable code at the destination, if attempted, will be
`processed by the mobile protection code,
`
`wherein the causing is accomplished by forming a sandboxed package
`including the mobile protection code and the downloadable-infonnation,
`and causing the sandboxed package to be delivered to the downloadable -
`information destination.
`
``822 Patent, Claim 28 at Col. 24,11. 5 -16 (emphasis added).
`
`22.
`
`Here the claim language specifies that the "mobile code means" is for "causing mobile
`
`protection code to be executed by a mobile code executor at a downloadable- information destination ".
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`Thus the function is "causing mobile protection code to be executed by a mobile code executor at a
`
`24
`
`25
`
`26
`
`27
`
`28
`
`downloadable- information destination." As explained in the specification of the `822 Patent, the
`
`packaging engine is responsible for "causing mobile protection code to be executed by a mobile code
`
`executor at a downloadable- information destination" "wherein the causing is accomplished by forming
`
`7
`DECLARATION OF NENAD MEDVIDOVIC IN SUPPORT
`OF FINJAN'S OPENNIG CLAIM CONSTRUCTION BRIEF
`
`CASE NO. 5:13 -cv- 05808 -HSG
`
`Palo Alto Networks, Inc. - Exhibit 1041
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2015-01979
`
`

`
`Case 3:13 -cv- 05808 -HSG Document 142 -1 Filed 05/01/15 Page 9 of 24
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`a sandboxed package" "and causing the sandboxed package to be delivered to the downloadable -
`
`information destination ". See e.g., `822 Patent at Col. 2, 1. 64 to Col. 3, 1. 3 ( "a packaging engine for
`
`causing a sandboxed package...to be sent to a Downloadable- destination. "); id., Col. 12, 11. 48 -55
`
`( "Packaging engine 403 provides for generating mobile protection code and protection policies, and for
`
`causing delivery thereof (typically with a detected- Downloadable) to á Downloadable- destination...
`
`packaging engine 403 includes ...linking engine 405. ") (emphasis added); id., Col. 13, 11. 30 -37
`
`( "Linking engine 405 provides for forming from received component elements (see above) á
`
`sandboxed package.... ") (emphasis added); id., Col. 20, 11. 4 -20 ( "The FIG. 106 flowchart illustrates a
`
`method for forming a sandboxed package according to an embodiment of the invention. "); id., Figs. 4,
`
`IOB. Thus, the packaging engine both forms the sandbox package and causes it to be delivered to the
`
`downloadable- information destination. Therefore, the structure performing the function "causing
`
`mobile protection code to be executed by a mobile code executor at a downloadable- information
`
`destination" is the "packaging engine."
`
`23.
`
`Defendants' structure and function are incorrect for this means -plus -function element.
`
`Defendants fail to identify a particular structure for performing their identified function. Further, as
`
`discussed above, the function is performed by causing the mobile protection code to be sent to the
`
`destination. Defendants' proposed structure citations regard extracting a sandboxed package at a
`
`destination computer. See e.g., `822 Patent at Col. 17, 11. 31 -33; Figs 7a, 7b, and 8. Thus, Defendants'
`
`structure is incorrect because it requires the destination computer to form and send a sandboxed
`
`package to itself.
`
`(4) information -destination /downloadable- information destination
`
`24.
`
`Based on my professional experience, a person of ordinary skill in the art would
`
`understand the meaning of the terms "information- destination" and "downloadable- information
`
`destination" as these terms used are in the claims of the `822 and /or `633 Patent and in view of the
`
`8
`DECLARATION OF NENAD MEDVIDOVIC IN SUPPORT
`OF FINJAN'S OPENNIG CLAIM CONSTRUCTION BRIEF
`
`CASE NO. 5:13 -cv- 05808 -HSG
`
`Palo Alto Networks, Inc. - Exhibit 1041
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2015-01979
`
`

`
`Case 3:13 -cv- 05808 -HSG Document 142 -1 Filed 05/01/15 Page 10 of 24
`
`i
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
``822 and `633 Patent. As such, no construction is necessary for the term. The tern' is easily
`understood based on the plain language -a destination for information. Defendants' proposed
`construction of "a user computer that receives and initiates (or otherwise hosts) execution of the
`
`downloadable information" is unnecessarily limiting and unsupported by the intrinsic record. For
`
`example, the specification of the `822 Patent states that "[ejmbodiments further provide for causing
`
`mobile protection code ( "MPC ") and downloadable protection policies to be communicated to,
`
`installed and executed within one or more received information destinations in conjunction with a
`
`detected -Downloadable." `822 Patent, Col. 5, 11. 44 -48. As shown in the specification, information -
`
`destination is not limited to a "user computer that receives and initiates (or otherwise hosts) execution
`
`of the downloadable information," and can be any location where the information is communicated to,
`
`installed or executed. Furthermore, the `822 Patent defines an "information- destination" to include
`
`"firewall/server, or other information- suppliers or intermediaries (i.e. as a `re- communicator' or
`
``server')." `822 Patent, Col. 7,11. 46 -56. As shown in the specification, the information- destination is
`
`not limited to the computer or device that receives and initiates (or otherwise hosts) execution of
`
`downloadable- information. As such, the proper construction is plain and ordinary meaning, which
`
`would encompass the correct interpretation of an information- destination /downloadable -information
`
`destination, without improperly limiting the term to a narrow understanding of a single user computer
`
`that receives and initiates (or otherwise hosts) execution of the downloadable information.
`
`b) Construction of the Terms of the `086 Patent
`
`25.
`
`I understand that Finjan and /or Defendants have disputes regarding the constructions for
`
`the claims terms listed below:
`
`Claim Term
`
`Database
`
`Finjan's Proposed
`Construction
`a collection of
`interrelated data
`
`Defendants' Proposed
`Construction
`a structured set of data
`
`9
`DECLARATION OF NENAD MEDVIDOVIC IN SUPPORT
`OF FINJAN'S OPENNIG CLAIM CONSTRUCTION BRIEF
`
`CASE NO. 5:13 -cv- 05808 -HSG
`
`Palo Alto Networks, Inc. - Exhibit 1041
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2015-01979
`
`

`
`Case 3:13 -cv- 05808 -HSG Document 142 -1 Filed 05/01/15 Page 11 of 24
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`organized according to a
`database schema to
`serve one or more
`applications
`
`26.
`
`Based on my professional expefence, a person of ordinary skill in the art would
`
`understand the meaning of the term "database" consistently with the commonly understood definition
`
`of the term. The readily understood meaning of "database" is "a collection of interrelated data
`
`organized according to a database schema to serve one or more applications." There is nothing in the
`
`intrinsic record of the asserted patent which requires a departure from this commonly understood
`
`meaning; in fact, this construction describes how the specification uses the term.
`
`27.
`
`A person of ordinary skill in the art would understand that the term "database" as used
`
`in the `086 Patent means "a collection of interrelated data organized according to a database schema to
`
`serve one or more application." A database refers to structured data organized for use and retrieval for
`
`other applications. The "database schema" of a database describes how the data stored within the
`
`database is organized. For example, the `086 Patent states that "[a]ny suitable explicit or referencing
`
`list, database or other storage structure(s) or storage structure configuration(s) can also be utilized to
`
`implement a suitable user /device based protection scheme...or other desired protection schema." `086
`
`Patent, Col. 16, 11. 53 -57 (emphasis added). A schema allows other applications to use a database to
`
`manage, store, retrieve, and access this data this data. The `780 Patent describes this when it states that
`
`"[t]he security program 255 operates in conjunction with the security database 240, which includes
`
`security policies 305, known Downloadables 307, known Certificates 309 and Downloadable Security
`
`Profile (DSP) data 310 corresponding to the known Downloadables 307." `780 Patent, Col. 4, 11. 23-
`
`27.1 The `780 Patent further provides that the DSP data 310 stored in the security database 240 is used
`
`by other applications, for example, "[i]f the DSP data 310 of the received Downloadable is known, the
`
`The `086 Patent incorporates by reference the 6,804,780 Patent (the "'780 Patent "). Hannah Decl.,
`Ex. 9.
`
`DECLARATION OF NENAD MEDVIDOVIC IN SUPPORT
`OF FINJAN'S OPENNIG CLAIM CONSTRUCTION BRIEF
`
`CASE NO. 5:13 -cv- 05808 -HSG
`
`10
`
`Palo Alto Networks, Inc. - Exhibit 1041
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2015-01979
`
`

`
`Case 3:13 -cv- 05808 -HSG Document 142 -1 Filed 05/01/15 Page 12 of 24
`
`code scanner 325 retrieves and forwards the information to the ACL comparator 330." `780 Patent,
`
`Col. 5, 11. 48 -51. This is just one example of how the `086 Patent describes a database that actively
`
`uses structured data in a manner for storing and retrieving security profiles for Downloadable that is
`
`consistent with the normally understood meaning of the term.
`
`28.
`
`I disagree with Defendants' "structured set of data" construction because they have
`
`incorrectly equated it to a "log file." In my opinion, this is not the proper definition of a database and
`
`supports the need to construe this term in a manner that is consistent with the definition understood by
`
`those of skill in the art. A person of ordinary skill in the art would understand a simple log file is not a
`
`database because it is not structured like a database. A database, on the other hand, is a structured
`
`software component that allows user and other software components to store and retrieve data in an
`
`efficient manner consistent with Finjan's construction.
`
`29. Moreover, the `086 Patent distinguishes between a log file and a database
`
`demonstrating that they are not the same thing. For example, the `086 Patent describes logging results
`
`for a human to review in an event log, while the security database is used for storage and access by
`
`other component of the system. The `086 Patent states that "the logical engine 333 forwards a status
`
`report to the record -keeping engine 335, which stores the reports in event log 245 in the data storage
`
`device 230 for subsequent review, for example, by the MIS director." `780 Patent, Col. 7, 11. 16 -20.
`
`This shows that any understanding of database should be distinct from a log file because the patent
`
`uses the terms to represent different aspects of the system. Accordingly, to distinguish between a log
`
`file and a database, it is my opinion that Finjan's construction of a database as "a collection of
`
`interrelated data organized according to a database schema to serve one or more applications" is
`
`appropriate.
`
`DECLARATION OF NENAD MEDVIDOVIC IN SUPPORT
`OF FINJAN'S OPENNIG CLAIM CONSTRUCTION BRIEF
`
`CASE NO. 5:13 -cv- 05808 -HSG
`
`11
`
`Palo Alto Networks, Inc. - Exhibit 1041
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2015-01979
`
`

`
`Case 3:13 -cv- 05808 -HSG Document 142 -1 Filed 05/01/15 Page 13 of 24
`
`c) Construction of the Terms of the `408 Patent
`
`30.
`
`I understand that Finjan and /or Defendants have disputes regarding the constructions for
`
`the claims terms listed below:
`
`Claim Term
`
`parse tree
`
`Finjan's Proposed
`Construction
`a tree data structure
`representing exploits in
`scanned content
`
`Defendants' Proposed
`Construction
`a set of linked nodes
`whose nodes represent
`tokens and patterns in
`accordance with the
`parser rules
`
`31.
`
`Based on my professional experience, a person of ordinary skill in the art would
`
`understand the meaning of the terms "parse tree" as it is used in the claims of the `408 Patent and in
`
`view of the `408 Patent as "a tree data structure representing exploits in scanned content " The `408
`
`Patent describes that "parser 220 uses a parse tree data structure to represent scanned content." `408
`
`Patent, Col. 8, 11. 24 -25. The `408 Patent is also focused on detecting exploits within the parse tree,
`
`stating that "generating a parse tree from the identified patterns of tokens, and identifying the presence
`
`of potential exploits within the parse tree." `408 Patent, Abstract; see also id., Col. 9, 11. 32 -38 ( "rules
`
`are provided to analyzer 230 for each known exploit" and that "the nodes of the parse tree also include
`
`data for analyzer rules that are matched. "). For example, claim 1 of the `408 Patent recites that:
`
`...dynamically building, by the computer while said receiving receives the
`incoming stream, a parse tree whose nodes represent tokens and patterns
`in accordance with the parser rules;
`
`dynamically detecting, by the computer while said dynamically building
`builds the parse tree, combinations of nodes in the parse tree which are
`indicators of potential exploits based on the analyzer rules; and
`
`indicating, by the computer, the presence of potential exploits within the
`incoming stream, based on said dynamically detecting.
`
`12
`DECLARATION OF NENAD MEDVIDOVIC IN SUPPORT
`OF FINJAN'S OPENNIG CLAIM CONSTRUCTION BRIEF
`
`CASE NO. 5:13 -cv- 05808 -HSG
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`Palo Alto Networks, Inc. - Exhibit 1041
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2015-01979
`
`

`
`Case 3:13 -cv- 05808 -HSG Document 142 -1 Filed 05/01/15 Page 14 of 24
`
``408 Patent, Claim 1 at Col. 19, I. 64 to Col. 20, I. 7 (emphasis added). The description within
`
`the claims and the description of a tree data structure are sufficient for a person of ordinary skill
`
`in the art and is consistent with Finjan's construction.
`
`32.
`
`I disagree with Defendants' proposed construction for this term. Defendants'
`
`construction adds limitations that are unnecessary and contradicted by the intrinsic record. Finjan's
`
`definition is clear and is how a person of ordinary skill in art would understand a "parse tree."
`
`Defendants' construction is ambiguous as to which nodes Defendants' construction refers to in reciting
`
`the phrase "whose nodes." It could be one of two options, "a set of linked nodes" or "nodes" itself.
`
`33.
`
`Further, Defendants' inclusion of a description of the parse tree "nodes" is unnecessary
`
`1
`
`2
`
`3
`
`4
`
`5
`
`6
`
`7
`
`8
`
`9
`
`10
`
`11
`
`and unwarranted when this is already included in the claims itself. See Claims 1 and 23. For example,
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`Defendants add in the limitation that the parse tree "represent tokens and patterns in accordance with
`
`the parser rules." While Defendants' construction imports a limitation that exists in claim 1, it does
`
`not exist in other independent claims. For example, claim 23 recites that:
`
`...dynamically building, while said receiving receives the incoming
`stream, a parse tree whose nodes represent tokens and rules vis-à-vis the
`specific programming language;
`
`dynamically detecting, while said dynamically building builds the parse
`tree, patterns of nodes in the parse tree which are indicators of potential
`exploits, based on said expressing vis -à -vis the specific programming
`language; and
`
`indicating, by the computer, the presence of potential exploits within the
`incoming stream, based on said dynamically detecting.
`
``408 Patent, Claim 23 at Col. 22, 11. 15 -27 (emphasis added).
`
`34.
`
`Here, the phrase of "represent tokens and patterns in accordance with the parser rules"
`
`does not exist in the claim language. Indeed, the phrase "parser rules" is not in Claim 23. Instead,
`
`26
`
`Claim 23 recites a "parse tree whose nodes represent tokens and rules vis -à -vis the specific
`
`27
`
`28
`
`DECLARATION OF NENAD MEDVIDOVIC IN SUPPORT
`OF FINJAN'S OPENNIG CLAIM CONSTRUCTION BRIEF
`
`CASE NO. 5:13 -cv- 05808 -HSG
`
`13
`
`Palo Alto Networks, Inc. - Exhibit 1041
`Palo Alto Networks, Inc. v. Finjan, Inc., IPR2015-01979
`
`

`
`Case 3:13 -cv- 05808