TO:
`
`Mail Stop 8
`Director of the U.S. Patent & Trademark Office
`P.O. Box 1450
`Alexandria, VA 22313-1450
`
`REPORT ON THE
`FILING OR DETERMINATION OF AN
`ACTION REGARDING A PATENT OR
`
`St., Suite 400S, Oakland, CA 94612
`
`
`
`
`
`
`
`Geszgaal
`
`
`
`
`
`In the above—entitled case, the following patent(s) have been included:
`
`
`
`
`
`In Compliance with 35 § 290 and/or 15 U.S.C. § 1116 you are hereby advised that a court action has been
`filed in the U.S. District Court
`NDCA
`on the following
`X Patents or
`[1 Trademarks:
`DOCKETNO.
`DATEFILED
`U.S. DISTRICT COURT
`CV 13-05808 DMR
`12/16/2013
`Oakland Division, 1301 Clay
`PLAINTIFF
`DEFENDANT
`FINJAN INC
`PROOFPOINT INC ET AL
`
`TRADEMARK
`
`
`
`
`hte) 633|ama[
`
`
`
`wisgai7LL
`
`7975305|
`
`
`
`poisios[Sd
`
`
`DATE INCLUDED
`
`INCLUDED BY
`
`
`(] Answer
`C] Cross Bill
`(| Other Pleading
`(J Amendment
`
`HOLDER OF PATENT OR TRADEMARK
`FeOOEMARK
`TRADEMARKNoO
`yogoe||
`
`
`eiuisg ||
`
`
`7, 613, 718
`
`
`
`
`
`
`
`ETO
`
`In the above—entitled case, the following decision has been rendered or judgementissued:
`
`DECISION/JUDGEMENT
`
`December17, 2013
`
`Richard W. Wieking
`
`(BY) DEPUTY CLERK
`Valerie Kyono
`
`Copy 1—Uponinitiation of action, mail this copy to Commissioner Copy 3—Uponterminationof action, mail this copy to Commissioner
`Copy 2—Uponfiling document adding patent(s), mail this copy to Commissioner Copy 4—Casefile copy
`
`

`

`Case3:13-
`
`05808 Documenti Filed12/16/13
`
`aged of 40
`
`and partner feeds process 100 millions
`messages par day
`
`So 8 @
`4
`
`4
`
`Commiouch
`Recurrent Pattern Detection
`Analysis
`
`—C
`
`ofeNNBHASF|WNY
`
`See WP-Proofpoint-Close-the-Zero-Hour-Gap (attached as ExhibitI).
`
`38.
`
` Proofpoint’s Targeted Attack Protection and Malware Analysis Service (also known as
`
`Next Generation Detection) allow unknown malicious attacks that are missed bytraditional signature
`
`based detection to be caught. Proofpoint’s Malware Analysis Service utilizes anomalyticsto identify
`
`suspicious files and begins the process of analyzingthe files in a sandbox for signs of a malware
`
`attack. DS-Proofpoint-Targeted-Attack-Protection (attached as Exhibit J).
`
`39.|On September5, 2013, a wholly-owned subsidiary of Proofpoint merged with and into
`
`Armorize Technologies, Inc. (“Armorize”), with Armorize surviving as a wholly-owned subsidiary of
`
`Proofpoint. Armorize develops and markets SaaS anti-malware products and real-time dynamic
`
`detection of next generation threats. Proofpoint Form 10-Q (attached as Exhibit K).
`
`40._—_Proofpoint paid $25,000,000 in cash for Armorize and has beenutilizing Armorize
`
`technologies in Proofpoint’s products for nearly a year before the acquisition. See Proofpoint, Inc. to
`
`Acquire Armorize Technologies, Inc.pdf (attached as Exhibit L). Armorize products include
`
`HackAlert Anti-Malware, CodeSecure Automated Static Source Code Analysis and SmartWAF Web
`
`Application Firewall. Information concerning these products is shown below:
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`CASE NO.
`
`

`

`thew
`Case3:13-.
`
`35808 Documenti Filedi2/16/13 .
`
`.ge10 of 40
`
`we
`
` COC SECUlE”qutomated Static Source Code Analysis Platform
`+ Delivers formal static source code analysis and software verification on a plug-and-play appliance
`*
`Identifies critical security vulnerabilities throughout development
`+ Faciitates proactive Web application vulnerability remediation
`+
`Inplements built-in compiler technology for increased accuracyand speed
`* Deploys as browser-accessible appliance to ensure zero software installation overhead
`+ Exports results to SmartWAF™ for immediate vulnerable entry point protection
`* Supports enterprise, consulting and SaaS deployments
`
`
`
`
`—oc
`
`oNDBDURSFWYWN
`
`HackAlert"™ web Matware Monitoring andAlerting SaaS
`
`* Monitors subscriber websites 24x7 for malicious code injection and matware Drive-by-Downioads
`«
`Identifies malware download file type, source and destination on targat PC
`+ Supports automated and on-demand webske crawling as well asindividual URL scans
`+ Generates console, SMS and Email alerts upon matware injection or defacement
`+ Representsa critical component of Webapplication Incident Response process
`* Protects business and customers from Drive-by-Downioads
`
`SmartWAF™ web application Firewall
`
`* Defends natwork perimeter at the Web application layer
`* Protects against attacks that target vulnerable Web applications
`* Protects website, corporate resources and end-users
`* Supports aif major Web servers and operating systems
`«
`Implements cluster management through a centralized Web console
`*
`imports CodeSecure™ scan rewults for immediatevulnerable entry point protection
`
`See Armorize Technologies End-to-End Web Application Security (attached as Exhibit M).
`
`41.
`
`Armorize, now integrated into Proofpoint, uses, sells, offers for sale, and/or imports
`
`into the United States and this District products and services that utilize HackAlert Anti-Malware,
`
`CodeSecure Automated Static Source Code Analysis and SmartWAF Web Application Firewall,
`
`including but not limited to the following: HackAlert Suite, HackAlert Website Monitoring,
`
`HackAlert Safe Impressions, HackAlert Safelmpressions, HackAlert CodeSecure, HackAlert
`
`Vulnerability Assessment and SmartWAF.
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`CASE NO.
`
`

`

`
`
`Case3:13-c.-05808 Document] Filed12/16/13 + ugel1 of 40
`
`42.
`
`HackAlert is a service that analyzes, detects, prevents, and mitigates malware
`
`infections in online advertisements, documents and e-mails. HackAlert focuses on scanning for zero-
`
`day malware and exploits used in AdvancedPersistent Threat (“APT”) attacks, which are
`
`undetectable by typical virus or malware scanners. HackAlert’s sandbox analyzes these zero-day
`
`exploits and APT,such as malicious binaries, document exploits (PDF, Word, Excel, PowerPoint,
`
`Flash), Java exploits, browser exploits, drive-by downloads andclick-to downloads. See Take APT
`
`Malware By Storm (attached as Exhibit N).
`
`43.
`
` CodeSecure is an automatic static code analysis platform that identifies security
`
`vulnerabilities and works with SmartWAF and HackAlert to provide vulnerability entry point
`
`protection. CodeSecure identifies vulnerabilities such as Cross Site Scripting, File Inclusion,
`
`Malicious File Execution, Information Leakage and SQL Injection. CodeSecure checks for
`
`vulnerabilities based on algorithms to determine behavior outcomesofinputdata. See CodeSecure
`
`(attached as Exhibit O).
`
`44.
`
`SmartWAFis a web application firewall. It defends against web application attacks
`
`such as SQL Injection, Cross Site Scripting, Cross Site Request Forgery, Cookie Tampering,
`
`Directory Indexing, Information Leakage, Content Spoofing, Application Fingerprinting and Web
`
`Server Fingerprinting. SmartWAF mayalso integrate with CodeSecure by importing source code
`
`analysis findings and reconfiguringits rule set to block web application exploits targeted at
`
`vulnerabilities identified by CodeSecure.
`
`45,
`
` Armorize deploys a developers’ API for HackAlert Scanning and Forensics Extraction
`
`for Malware. With the API, developers can detect malware not normally caught by normal anti-virus
`
`technologies, such as zero-day exploits or Advanced Persistent Threats; automatically induce
`
`malware behaviorandcollect forensics information; and scanindividual URLsfor Web malware,
`
`10
`
`COMPLAINT FOR PATENT INFRINGEMENT
`CASE NO.
`
`

`

`
`
`co“SN
`o>wo
`
`Case3:13-.-05808 Documentl Filed12/16/13 r uge12 of 40
`
`such as drive-by downloads and click-to downloads, and generate trackbacks, exploitation steps,
`
`JavaScript execution and malware execution. See APT-malware-malvertising-scanning-api (attached
`
`as Exhibit P).
`
`DEFENDANT’S INFRINGEMENTOF FINJAN’S PATENTS
`
`46.
`
`Defendants have been and are now infringing the ‘822 Patent, the ‘633 Patent, the
`
`‘844 Patent, the ‘305 Patent, the ‘408 Patent, the ‘086 Patent, the ‘154 Patent and the ‘918 Patent
`
`(collectively “the Patents-In-Suit”) in this judicial District, and elsewhere in the United States by,
`
`among otherthings, making, using, importing,selling, and/or offering forsale the claimed systems
`
`and methodsthatutilize Proofpoint’s Zero-Hour Threat Detection, Proofpoint’s Malware Analysis
`
`Service, Proofpoint’s Targeted Attack Protection, HackAlert, and CodeSecure, including without
`
`limitation on Proofpoint Enterprise Protection, Proofpoint’s Targeted Attack Protection, Proofpoint
`
`Essentials, Proofpoint Protection Server, Proofpoint Messaging Security GatewayHackAlertSuite,
`
`HackAlert Website Monitoring, HackAlert Safe Impressions, HackAlert Safelmpressions, HackAlert
`
`CodeSecure, HackAlert Vulnerability Assessment and SmartWAF..
`
`47.
`
`In additionto directly infringing the Patents-In-Suit pursuant to 35 U.S.C. § 271(a)
`
`eitherliterally or under the doctrine of equivalents, Defendants indirectly infringe the ‘822 Patent, the
`
`‘633 Patent, the ‘844 Patent, the ‘305 Patent, the ‘408 Patent, the ‘086 Patent and the ‘918 Patent
`
`pursuant to 35 U.S.C. § 271(b) byinstructing, directing and/or requiring others, includingits users
`
`and developers, to perform all or someofthe steps of method claimsof the Patents-In-Suit, either
`
`literally or under the doctrine of equivalents.
`
`COUNT I
`(Direct Infringement of the ‘822 Patent pursuantto 35 U.S.C. § 271(a))
`
`48.
`
`Finjan repeats, realleges, and incorporates by reference,asif fully set forth herein, the
`
`allegations of the preceding paragraphs,as set forth above.
`
`1]
`
`COMPLAINT FOR PATENT INFRINGEMENT
`CASE NO.
`
`
`
`
`
`

`

`
`
`onsA
`
`Neo}
`
`Case3:13-c.-05808 Document Filed12/16/13 + agel3 of 40
`
`49.
`
`Defendants have infringed and continueto infringe one or more claims ofthe ‘822
`
`Patent in violation of 35 U.S.C. § 271 (a).
`
`50.
`
`Defendants’ infringement is based uponliteral infringementor,in the alternative,
`
`infringement underthe doctrine of equivalents.
`
`51.
`
`Defendants’ acts of making, using, importing, selling, and/or offering for sale infringing
`
`products and services have been without the permission, consent, authorization or license of Finjan.
`
`52.
`
`Defendants’ infringementincludes, butis not limited to, the manufacture, use, sale,
`
`importation and/or offer for sale of Defendants’ products and services, including but not limited to
`
`HackAlert, Proofpoint Malware Analysis Service, and Proofpoint Targeted Attack Protection, which
`
`embodythe patented invention of the ‘822 Patent.
`
`53.
`
`Asaresult of Defendants’ unlawful activities, Finjan has suffered and will continue to
`
`suffer irreparable harm for which there is no adequate remedy at law. Accordingly, Finjanis entitled
`
`to preliminary and/or permanentinjunctiverelief.
`
`54.
`
`Defendants’ infringementof the ‘822 Patent has injured and continuesto injure Finjan
`
`in an amountto be provenattrial.
`
`COUNT Il
`(Indirect Infringement of the ‘822 Patent pursuant to 35 U.S.C. § 271(b))
`Finjan repeats, realleges, and incorporates by reference,asif fully set forth herein, the
`
`55.
`
`allegations of the preceding paragraphs,as set forth above.
`
`56.
`
`Defendants have induced and continue to induce infringementofat least claims 1-3, 4-
`
`8, and 16-27 of the ‘822 Patent under 35 U.S.C. § 271(b).
`
`57.
`
`In addition to directly infringing the ‘822 Patent, Defendants indirectly infringe the
`
`‘822 Patent pursuant to 35 U.S.C.§ 271(b) byinstructing, directing and/or requiring others, including
`
`but notlimited to its customers, users and developers,to perform all or someofthe steps of the
`
`12
`
`COMPLAINT FOR PATENT INFRINGEMENT
`CASE NO.
`
`
`
`
`
`
`

`

`
`
`ae
`
`aDAWN
`
`il
`
`12
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`Case3:13-L.-05808 Document Filed12/16/13 . ugei4 of 40
`
`method claims, eitherliterally or under the doctrine of equivalents, of the “822 Patent, whereall the
`
`steps of the method claimsare performed by either Defendants ortheir customers, users or
`
`developers, or some combination thereof. Defendants have knownor have been willfully blind to the
`
`fact that they are inducingothers, including customers, users and developers, to infringe by
`
`practicing, either themselves or in conjunction with Defendants, one or more methodclaimsof the
`
`822 Patent.
`
`58.
`
`Defendants knowingly and actively aid and abetthe direct infringementof the ‘822
`
`Patent by instructing and encouraging their customers, users and developers to use the HackAlert,
`
`Proofpoint Malware Analysis Service, and Proofpoint Targeted Attack Protection. Such instructions
`
`and encouragementinclude, but are not limited to, advising third parties to use the HackAlert,
`
`Proofpoint Malware Analysis Service, and Proofpoint Targeted Attack Protection in an infringing
`
`manner; providing a mechanism through which third parties may infringe the ‘822 Patent, specifically
`through the use of the HackAlert, Proofpoint Malware Analysis Service, and Proofpoint Targeted
`Attack Protection; advertising and promoting the use ofthe HackAlert, Proofpoint Malware Analysis
`
`Service, and Proofpoint Targeted Attack Protection in an infringing manner; and distributing
`
`guidelines and instructions to third parties on how to use the HackAlert, Proofpoint Malware Analysis
`
`
`
`Service, and Proofpoint Targeted Attack Protection in an infringing manner.
`
`59.
`
`Defendants provide detailed instructions to their customers and users regardingall
`
`aspects of the HackAlert, Proofpoint Malware Analysis Service, and Proofpoint Targeted Attack
`
`Protection, including HackAlert Suite, HackAlert Website Monitoring, HackAlert Safe Impressions,
`
`HackAlert Safelmpressions, HackAlert Vulnerability Assessment, Proofpoint Enterprise Protection,
`
`Proofpoint’s Targeted Attack Protection, Proofpoint Essentials (including the packages of Beginner,
`
`Business, and Professional), Proofpoint Protection Server, and Proofpoint Messaging Security
`
`13
`
`COMPLAINT FOR PATENT INFRINGEMENT
`CASE NO.
`
`

`

`Case3:13-Lv-05808 Documentl Filed12/16/13 . age15 of 40
`
`Gateway. Examplesofthese instructions can be found at the Armorize Resource Center(at
`
`http://armorize.com/index.php?link_id=product), Armorize Forums / Tutorials, FAQs (at
`
`
`
`-Resources), and Proofpoint Resources
`
`(at http:/Avww.proofpoint.com/resources/index.php).
`
`60.
`
`Proofpointitself and through its authorized partners regularly provides classroom style
`
`training, demonstrations, webinars, and certification programsto help users use Proofpoint Targeted
`
`Attack Protection and Malware Analysis Service, including without limitation the following:
`
`e Webinars on Contextual Security Approachto Protection From Targeted Threats,
`Undetected Threats: Finding and protecting against hundreds of missed attacks,
`Combatting 2013’s Most DangerousAttacks, and Spearing the Spear Phishers: How
`to Reliably Defeat Targeted Attacks. See
`http://www.proofpoint.com/resources/webinars php (attached as Exhibit Q).
`
`Demonstrations including Proofpoint Integrated Product Suite Demo and Proofpoint
`Enterprise Protection Live Demo. The demonstrations show howto use the
`Targeted Attack Protection to protect organizations. See
`http://www.proofpoint.com/resources/demos.php (attached as Exhibit R).
`Technical Briefs on Proofpoint Zero-Hour Anti-Virus and White Papers on Targeted
`Attack: The Best Defense, Defense against the Dark Arts: Finding and Stopping
`Advanced Threats, and Longline Phishing: A New Class of Advanced Phishing
`Attacks. See http://www.proofpoint.com/resources/white-papers.php (attached as
`Exhibit 8),
`
`Proofpoint Education Portal which offers courses in Enterprise Protection
`Accredited Engineer, Enterprise Protection Suite, Enterprise Protection for the
`Administrator, Proofpoint Targeted Attack Protection for End Users, Staying Safe
`on Email, and Enterprise Protection Associate Level Training. See
`http:/Avww.training.proofpoint.com/courses-draft/ (attached as Exhibit T).
`
`Proofpoint Education Portal which offers On-Site Training where a group of up to 8
`people can betrained live by Proofpoint to use their Protection products. See
`http://www trainingproofpoint.com/classroom-schedule/on-site/ (attached as
`Exhibit U).
`
`Proofpoint offers Professional Services, which helps customers design and implement
`
`Proofpoint’s products onto the customers’ network. Professional Services also offers integration,
`
`customization, training and maintenance of Proofpoint’s products.
`
`14
`
`COMPLAINT FOR PATENT INFRINGEMENT
`CASE NO.
`
`
`
`

`

`
`
`Case3:13-c.-05808 Documentl Filed12/16/13 + age16 of 40
`
`62.
`
` Armorize poststutorials, user guides, troubleshooting and explanationsonits online
`
`forum on how to use Armorize technology. These include withoutlimitation HackAlert Resources,
`
`HackAlert Safelmpression question documents, tutorials on whatto do “when a drive-by-download
`
`knocks at your door,” tutorial on “How to add a website into HackAlert to be monitored,” and
`
`tutorial on “what to do when receiving an alert.” See https://armorize.zendesk.com/categories/5972-
`
`Tutorials-FAQs-Resources(attached as Exhibit V).
`
`63.
`
` Armorize provides the HackAlert V5 API, which encourages developers and
`
`customers to use HackAlert with step-by-step instructions on how to integrate into the HackAlert
`
`Software. See Armorize Malware Scanning and Forensics Extraction AP] (attached as Exhibit P).
`
`64.
`
`Defendantsactively and intentionally maintains and updates websites, including
`
`Proofpoint.com and Armorize.com, to promote and provide demonstration, instruction and technical
`
`assistance for the HackAlert, Proofpoint Malware Analysis Service, and Proofpoint Targeted Attack
`
`Protection products, and to encourage customers,users and developersto use the HackAlert,
`Proofpoint Malware Analysis Service, and Proofpoint Targeted Attack Protection products and
`
`practice the methods taught in the ‘822 Patent.
`
`65.
`
`Defendants have had knowledge ofthe ‘822 Patentat least as of the time they learned
`
`ofthis action for infringement, and by continuing their actions described above, Defendants have had
`
`the specific intent to or were willfully blind to the fact that their actions would induce infringement of
`
`the ‘822 Patent.
`
`COUNT I]
`(Direct Infringement of the ‘633 Patent pursuantto 35 U.S.C. § 271(a))
`Finjan repeats, realleges, and incorporates by reference, as if fully set forth herein, the
`
`66.
`
`allegations of the preceding paragraphs, as set forth above.
`
`15
`
`COMPLAINT FOR PATENT INFRINGEMENT
`CASE NO.
`
`

`

`Case3:13-c.-05808 Documenti Filed12/16/13 . agel7 of 40
`
`67.
`
`Defendants have infringed and continueto infringe one or more claims of the “633
`
`Patent in violation of 35 U.S.C. § 271(a).
`
`68.
`
`Defendants’ infringementis based uponliteral infringementor, in the alternative,
`
`infringement underthe doctrine of equivalents.
`
`69.
`
`Defendants’ acts of making, using, importing,selling, and/or offering for sale infringing
`
`products and services have been withoutthe permission, consent, authorization or license of Finjan,
`
`70.
`
`Defendants’ infringementincludes, but is not limited to, the manufacture, use, sale,
`
`importation and/or offer for sale of Defendants’ products andservices, including but not limited to
`
`the HackAlert, Proofpoint Malware Analysis Service, and Proofpoint Targeted Attack Protection,
`
`which embody the patented invention of the ‘633 Patent.
`
`71.
`
` Asaresult of Defendants’ unlawful activities, Finjan has suffered and will continue to
`
`suffer irreparable harm for which there is no adequate remedyat law. Accordingly, Finjan is entitled
`
`to preliminary and/or permanentinjunctiverelief.
`
`72.
`
`Defendants’ infringement of the ‘633 Patent has injured and continues to injure Finjan
`
`in an amountto be provenattrial.
`
`COUNT IV
`(Indirect Infringement of the ‘633 Patent pursuantto 35 U.S.C. §§ 271(b))
`Finjan repeats, realleges, and incorporates byreference,as if fully set forth herein, the
`
`73.
`
`allegations ofthe preceding paragraphs,as set forth above.
`
`74.
`
`Defendants have induced andcontinue to induceinfringementofat least claims 1-7
`
`and 28-33 of the ‘633 Patent under 35 U.S.C. § 271(b).
`
`75.
`
`In addition to directly infringing the ‘633 Patent, Defendants indirectly infringe the
`
`‘633 Patent pursuant to 35 U.S.C. § 271(b) by instructing, directing and/or requiring others, including
`
`but not limited to its customers, users and developers, to performall or someofthe steps of the
`
`
`
`16
`
`COMPLAINT FOR PATENT INFRINGEMENT
`CASE NO.
`
`
`
`“s W
`
`Co
`
`1 1
`
`2
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`
`
`

`

`Case3:13-cv-05808 Document] Filed12/16/13 . age18 of 40
`
`methodclaims,eitherliterally or under the doctrine of equivalents, of the “633 Patent, whereall the
`
`steps of the method claimsare performed by either Defendants or their customers, users or
`
`developers, or some combination thereof. Defendants have knownor have been willfully blind to the
`
`fact that they are inducing others, including customers, users and developers, to infringe by
`
`practicing, either themselves or in conjunction with Defendants, one or more method claims ofthe
`
`‘633 Patent.
`
`76.
`
`Defendants knowingly and actively aid and abet the direct infringementof the 633
`
`Patentby instructing and encouraging their customers, users and developers to use the HackAlert,
`
`Proofpoint Malware Analysis Service, and Proofpoint Targeted Attack Protection. Such instructions
`
`and encouragement include butare notlimited to, advising third parties to use Hack Alert, Proofpoint
`
`Malware Analysis Service, and Proofpoint Targeted Attack Protection in an infringing manner;
`
`providing a mechanism through which third parties may infringe the ‘633 Patent, specifically through
`
`the use of HackAlert, Proofpoint Malware Analysis Service, and Proofpoint Targeted Attack
`
`Protection; advertising and promoting the use of HackAlert, Proofpoint Malware Analysis Service,
`
`and Proofpoint Targeted Attack Protection in an infringing manner, and distributing guidelines and
`
`instructionsto third parties on how to use HackAlert, Proofpoint Malware Analysis Service, and
`
`Proofpoint Targeted Attack Protection in an infringing manner.
`
`77.
`
`Defendants provide detailed instruction to its customers and users regardingall aspects
`
`of the HackAlert, Proofpoint Malware Analysis Service, and Proofpoint Targeted Attack Protection
`
`including, HackAlert Suite, HackAlert Website Monitoring, HackAlert Safe Impressions, HackAlert
`
`Safelmpressions, HackAlert Vulnerability Assessment, Proofpoint Enterprise Protection,
`
`Proofpoint’s Targeted Attack Protection, Proofpoint Essentials (including the packages of Beginner,
`
`Business, and Professional), Proofpoint Protection Server, and Proofpoint Messaging Security
`
`17
`
`COMPLAINT FOR PATENT INFRINGEMENT
`CASE NO.
`
`10
`
`11
`
`12
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`a&
`
`Case3:13-vv-05808 Documenti Filed12/16/13
`
`ie
`
`; aget of 40
`
`PAUL J. ANDRE (State Bar No. 196585)
`pandre@kramerlevin.com
`LISA KOBIALKA(State Bar No. 191404)
`Ikobialka@kramerlevin.com
`JAMES HANNAH(State Bar No. 237978)
`jhannah@kramerlevin.com
`KRAMERLEVIN NAFTALIS & FRANKEL LLP
`990 Marsh Road
`Menlo Park, CA 94025
`Telephone: (650) 752-1700
`Facsimile: (650) 752-1800
`
`Attorneysfor Plaintiff
`FINJAN, INC.
`
`ioe)
`
`4
`
`sanN
`
`IN THE UNITEDSTATES DISTRICT COURT
`
`FOR THE NORTHERN DISTRICT OF CALIFORNIA
`
`FINJAN, INC.,
`
`Case No.:
`
`COMPLAINT FOR PATENT
`INFRINGEMENT
`
`DEMANDFOR JURY TRIAL
`
`
`
`Plaintiff,
`
`Vv.
`
`PROOFPOINT, INC. AND ARMORIZE
`TECHNOLOGIES, INC.
`
`Defendants.
`
`
`
`
`COMPLAINT FOR PATENT INFRINGEMENT
`CASE NO.
`
`

`

`Case3:13-c.-05808 Documentl Filed12/16/13 . uge19 of 40
`
`Gateway. Examplesof these instructions can be foundat the Armorize Resource Center located at
`
`1
`2||http://armorize.com/index.php?link id=product, Armorize Forums/ Tutorials, FAQs(at
`
` https://armorize.zendesk.com/categories/5972-Tutorials-FAQs-Resources), and Proofpoint Resources
`
`(at http://www.proofpoint.com/resources/index.php).
`
`78,
`
`Proofpointitself and through its authorized partners regularly provides class-room
`
`style training, demonstrations, webinars, and certification programsto help users use Proofpoint
`
`Targeted Attack Protection and Malware Analysis Service, including withoutlimitation the
`
`following:
`
`OOsDDN
`
`\O
`
`Webinars on Contextual Security Approach to Protection From Targeted Threats,
`Undetected Threats: Finding and protecting against hundreds of missed attacks,
`Combatting 2013’s Most DangerousAttacks, and Spearing the Spear Phishers: How
`to Reliably Defeat Targeted Attacks. See
`http://www.proofpoint.com/resources/webinars.php (attached as Exhibit Q).
`
`Demonstrations including Proofpoint Integrated Product Suite Demo and Proofpoint
`Enterprise Protection Live Demo. The demonstrations show how to use the
`Targeted Attack Protection to protect organizations. See
`http://www.proofpoint.com/resources/demos.php(attached as Exhibit R).
`
`Technical Briefs on Proofpoint Zero-Hour Anti-Virus and White Papers on Targeted
`Attack: The Best Defense, Defense against the Dark Arts: Finding and Stopping
`Advanced Threats, and Longline Phishing: A New Class of Advanced Phishing
`Attacks. See http://www.proofpoint.com/resources/white-papers.php (attached as
`Exhibit S).
`
`Proofpoint Education Portal, which offers courses in Enterprise Protection
`Accredited Engineer, Enterprise Protection Suite, Enterprise Protection for the
`Administrator, Proofpoint Targeted Attack Protection for End Users, Staying Safe
`on E-mail, and Enterprise Protection Associate Level Training. See
`http://www.training.proofpoint.com/courses-draft/ (attached as Exhibit T).
`
`Proofpoint Education Portal which offers On-Site Training where a group of up to 8
`people can betrained live by Proofpointto use their Protection products. See
`
`http:/Avww.training.proofpoint.com/classroom-schedule/on-site/ (attached as
`Exhibit U).
`
`18
`
`COMPLAINT FOR PATENT INFRINGEMENT
`CASE NO,
`
`
`
`
`
`

`

`Case3:13-c.-05808 Document Filed12/16/13 . uge20 of 40
`
`79.
`
` Proofpoint offers Professional Services, which helps customers design and implement
`
`Proofpoint’s products onto the customers’ network. Professional Services also offers integration,
`
`customization, training and maintenance of Proofpoint’s products.
`
`80.
`
`Armorize posts tutorials, user guides, troubleshooting and explanationsonits online
`
`forum on how to use Armorize technology. These include withoutlimitation HackAlert Resources,
`
`HackAlert Safelmpression question documents, tutorials on what to do “when a drive-by-download
`
`knocks at your door,” tutorial on “How to add a website into HackAlert to be monitored,” and
`
`tutorial on “what to do when receiving analert.” See https://armorize.zendesk.com/categories/5972-
`
`Tutorials-FAQs-Resources (attached as Exhibit V).
`
`81.
`
` Armorize provides the HackAlert V5 API, which encourages developers and
`
`customers to use HackAlert with step-by-step instructions on howto integrate into the HackAlert
`
`Software. See Armorize Malware Scanning and Forensics Extraction API (attached as Exhibit P).
`
`82.
`
`Defendants actively and intentionally maintain and update their websites, including
`
`Proofpoint.com and Armorize.com, to promote and provide demonstration, instruction and technical
`assistance for the HackAlert, Proofpoint Malware Analysis Service, and Proofpoint Targeted Attack
`
`Protection products, and to encourage customers,users and developersto use the HackAlert,
`
`Proofpoint Malware Analysis Service, and Proofpoint Targeted Attack Protection products and
`
`practice the methods taught in the ‘633 Patent.
`
`83.
`
`Defendants have had knowledgeof the ‘633 Patentat least as of the time they learned
`
`of this action for infringement, and by continuing the actions described above, Defendants have had
`
`the specific intent to or was willfully blind to the fact that their actions would induce infringement of
`
`the ‘633 Patent.
`
`
`
`19
`
`COMPLAINT FOR PATENT INFRINGEMENT
`CASE NO.
`
`1]
`
`12
`
`13
`
`15
`
`16
`
`17
`
`18
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`26
`
`27
`
`28
`
`

`

`Case3:13-L.-05808 Documenti Filed12/16/13 . age21 of 40
`
`COUNT V
`(Direct Infringementof the “844 Patent pursuantto 35 U.S.C. § 271(a))
`Finjan repeats, realleges, and incorporates by reference,asif fully set forth herein, the
`
`84.
`
`allegations of the preceding paragraphs,as set forth above.
`85.
` Proofpoint has infringed and continuesto infringe one or more claimsofthe ‘844
`
`Patent in violation of 35 U.S.C. § 271{a).
`86.
` Proofpoint’s infringement is based upon literal infringementor, in the alternative,
`
`
`
`infringement underthe doctrine of equivalents.
`87.
` Proofpoint’s acts of making,using, importing, selling, and/or offering for sale infringing
`products and services have been without the permission, consent, authorization or license ofFinjan.
`88.
`Proofpoint’s infringement includes, but is not limited to, the manufacture, use, sale,
`importation and/or offer for sale ofProofpoint’s products andservices, including but notlimited to
`Proofpoint Malware Analysis Service and Proofpoint Targeted Attack Protection, which embodies
`
`
`
`
`
`
`
`
`the patented invention ofthe ‘844 Patent.
`89.
`As aresult ofProofpoint’s unlawfulactivities, Finjan has suffered and will continue to
`suffer irreparable harm for which there is no adequate remedyatlaw. Accordingly, Finjan is entitled
`
`to preliminary and/or permanent injunctiverelief.
`90.
`Proofpoint’s infringement ofthe ‘844 Patent has injured and continues to injure Finjan
`
`in an amountto be proven attrial.
`
`COUNT VI
`(Indirect Infringementof the ‘$44 Patent pursuantto 35 U.S.C.§ 271(b))
`Finjan repeats, realleges, and incorporates by reference,asif fully set forth herein, the
`
`91.
`
`allegations ofthe preceding paragraphs,as set forth above.
`92,
` Proofpoint has induced and continues to induce infringementofat least claims 1-14
`
`and 22-27of the ‘844 Patent under 35 U.S.C. § 271(b).
`
`20
`
`COMPLAINT FOR PATENT INFRINGEMENT
`CASE NO.
`
`
`
`
`
`
`
`
`

`

`Case3:13--Lv-05808 Documentl Ciled12/16/13 . age22 of 40
`
`In addition to directly infringing the ‘844 Patent, Proofpointindirectly infringes the
`93.
`
`‘844 Patent pursuant to 35 U.S.C.§ 271(b) by instructing, directing and/or requiring others, including
`but not limited to its customers, users and developers, to perform all or someofthe steps ofthe
`
`
`methodclaims,either literally or under the doctrine of equivalents, ofthe ‘844 Patent, where all the
`steps ofthe methodclaimsare performed by either Proofpoint or its customers, users or developers,
`
`or some combination thereof. Proofpoint has known orhasbeenwillfully blind to the fact that it is
`
`inducing others, including customers, users and developers, to infringe by practicing, either
`
`themselves or in conjunction with Proofpoint, one or more methodclaimsofthe ‘844 Patent.
`
`
`94.
` Proofpoint knowingly and actively aids and abetsthe direct infringement ofthe ‘844
`
`Patent by instructing and encouraging its customers, users and developers to use the Proofpoint
`Malware Analysis Service and Proofpoint Targeted Attack Protection. Such instructions and
`
`
`encouragement include butare not limited to, advising third parties to use the Proofpoint Malware
`Analysis Service and Proofpoint Targeted Attack Protection in an infringing manner, providing a
`
`mechanism through whichthird parties may infringe the ‘844 Patent, specifically through the use of
`
`the Proofpoint Malware Analysis Service and Proofpoint Targeted Attack Protection; advertising and
`
`promoting the use ofthe Proofpoint Malware Analysis Service and Proofpoint Targeted Attack
`
`Protection in an infringing manner; and distributing guidelines and instructionsto third parties on
`
`
`how to use the Proofpoint Malware Analysis Service and Proofpoint Targeted Attack Protection in an
`
`
`infringing manner.
`95,
` Proofpoint provides detailed instructions to its customersandusers regarding all
`aspects ofthe Proofpoint Malware Analysis Service and Proofpoint Targeted Attack Protection
`including, Proofpoint Enterprise Protection, Proofpoint’s Targeted Attack Protection, Proofpoint
`Essentials (including the packages ofBeginner, Business, and Professional), Proofpoint Protection
`
`
`
`COMPLAINT FOR PATENT INFRINGEMENT
`
`CASE NO.
`
`21
`
`

`

`Case3:13-..-05808 Document Eiled12/16/13 . age23 of 40
`
`Server, and Proofpoint Messaging Security Gateway. Examples ofthese instructions can be found at
`the Proofpoint Resources located at http://www.proofpoint.com/resources/index.php.
`96.
` Proofpoint itselfand through its authorized partners regularly provides class-room
`style training, demonstrations, webinars, and certification programsto help users use Proofpoint
`Targeted Attack Protection and Malware Analysis Service, including without limitation the
`
`following:
`
`a
`
`~
`
`9
`
`10
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`e Webinars on Contextual Security Approachto Protection From Targeted Threats,
`Undetected Threats: Finding and protecting against hundreds of missed attacks,
`Combatting 2013’s Most Dangerous Attacks, and Spearing the Spear Phishers: How
`to Reliably Defeat Targeted Attacks. See
`http://www.proofpoint.com/resources/webinars.php (attached as Exhibit Q).
`e Demonstrations includingProofp