Symantec Corporation v. Zscaler, Inc., No. 3:2017cv04426 - Document 220 (N.D. Cal. 2018)

Court Description: ORDER DENYING JUDGMENT ON THE PLEADINGS by Judge Jon S. Tigar denying 190 Motion for Judgment on the Pleadings. (wsn, COURT STAFF) (Filed on 7/23/2018)
Download PDF
Symantec Corporation v. Zscaler, Inc. Doc. 220 1 2 3 4 UNITED STATES DISTRICT COURT 5 NORTHERN DISTRICT OF CALIFORNIA 6 SYMANTEC CORPORATION, 7 Plaintiff, 8 v. 9 ORDER DENYING JUDGMENT ON THE PLEADINGS Re: ECF No. 190 ZSCALER, INC., 10 Defendant. 11 United States District Court Northern District of California Case No. 17-cv-04426-JST 12 Defendant Zscaler, Inc. moves for judgment on the pleadings as to Plaintiff Symantec 13 14 Corporation’s patent infringement claims for claim 1 and claim 5 of U.S. Patent No. 7,735,116 15 (“the ’116 patent”) because the claims are directed to patent-ineligible subject matter. ECF No. 16 190. The Court DENIES the motion for judgment on the pleadings. 17 I. BACKGROUND The parties compete in the computer security software field. ECF No. 18 at 5; ECF No. 10 18 19 at 5. Symantec alleges that Zscaler’s cloud-based security products infringe seven of its patents. 20 ECF No. 139 ¶ 18. In a related case, Symantec alleges that Zscaler’s products infringe an 21 additional seven patents. Symantec v. Zscaler, 17-cv-4414-JST, ECF No. 1 ¶ 15. The Court 22 previously granted Zscaler’s motion to dismiss two patents in suit on the grounds of ineligibility. 23 ECF No. 173. The Court also granted Zscaler leave to amend its invalidity contentions to assert a 24 contention against the ’116 patent. ECF No. 185. The ’116 patent generally claims a relational, 25 hierarchical system for sharing security checks between different security functions in a unified 26 threat management (“UTM”) system. ECF No. 1-1 at 79.1 27 28 Symantec asks the Court to consider its second amended complaint (“SAC”) in deciding the motion. ECF No. 194 at 8 (citing Aatrix Software, Inc. v. Green Shades Software, Inc., 882 F.3d 1 1 II. LEGAL STANDARD “After the pleadings are closed—but early enough not to delay trial—a party may move for 2 3 judgment on the pleadings.” Fed. R. Civ. P. 12(c). The analysis for Rule 12(c) motions for 4 judgment on the pleadings is “substantially identical to [the] analysis under Rule 12(b)(6).” 5 Chavez v. United States, 683 F.3d 1102, 1108 (9th Cir. 2012) (citation and quotation marks 6 omitted). “A judgment on the pleadings is properly granted when, taking all the allegations in the 7 non-moving party’s pleadings as true, the moving party is entitled to judgment as a matter of law.” 8 Fajardo v. Cty. of Los Angeles, 179 F.3d 698, 699 (9th Cir. 1999) (citation omitted); see also 9 Brooks v. Dunlop Mfg. Inc., No. C 10–04341 CRB, 2011 WL 6140912, at *3 (N.D. Cal. Dec. 9, 10 United States District Court Northern District of California 11 2011). Under section 101 of the Patent Act “abstract ideas are not patentable.” Alice Corp. Pty. v. 12 CLS Bank Int’l, 134 S. Ct. 2347, 2354 (2014). However, “an invention is not rendered ineligible 13 for patent simply because it involves an abstract concept.” Id. Courts must distinguish between 14 patents that claim abstract ideas, on the one hand, and patents “that claim patent-eligible 15 applications of those concepts,” on the other hand. Id. at 2355. To draw this distinction, courts 16 engage in a two-step analysis. 17 In step one, courts determine whether the claims at issue are “directed to an abstract idea.” 18 Id. at 2356-57. Courts look to whether claims are “directed to a specific improvement” or “to a 19 specific implementation of a solution to a problem.” Enfish, LLC v. Microsoft Corp., 822 F.3d 20 1327, 1338, 1339 (Fed. Cir. 2016). For software patents, this inquiry “often turns on whether the 21 claims focus on ‘the specific asserted improvement in computer capabilities’” or “on a process that 22 qualifies as an ‘abstract idea’ for which computers are invoked merely as a tool.” Finjan, Inc. v. 23 Blue Coat Sys., Inc., 879 F.3d 1299, 1303 (Fed. Cir. 2018) (quotation omitted). “The purely 24 25 26 27 28 functional nature of the claim confirms that it is directed to an abstract idea, not a concrete embodiment of that idea.” Affinity Labs of Texas, LLC v. Inc., 838 F.3d 1266, 1269 (Fed. Cir. 2016). A claim that could be performed by a human, excising generic computer 1121, 1125-1130 (Fed. Cir. 2018)). The Court declines this procedurally improper request. Moreover, in a concurrently filed order, the Court denies Symantec’s motion for leave to file its SAC. 2 1 implemented steps, is often abstract. Intellectual Ventures I LLC v. Alstom S.A., 838 F.3d 1307, 2 1318 (Fed. Cir. 2016). The same principle applies to claims that “only contain generalized 3 software components arranged to implement an abstract concept on a computer.” Accenture Glob. 4 Servs., GmbH v. Guidewire Software, Inc., 728 F.3d 1336, 1345 (Fed. Cir. 2013). If the court concludes in step one that the claims are directed to an abstract issue, the court 6 must then “consider the elements of each claim both individually and as an ordered combination” 7 to determine “whether it contains an inventive concept sufficient to transform the claimed abstract 8 idea into a patent-eligible application.” Alice, 134 S. Ct. at 2355, 2357 (internal quotation marks 9 omitted). A claim recites an inventive concept “when the claim limitations involve more than 10 performance of well-understood, routine, [and] conventional activities previously known to the 11 United States District Court Northern District of California 5 industry.” Berkheimer v. HP Inc., 881 F.3d 1360, 1367 (Fed. Cir. 2018) (quotation omitted). In 12 some cases, when improvements in the specification are captured in the claims, whether an 13 element or combination of elements is well-understood becomes a question of fact. Id. at 1368- 14 699; see also Cellspin Soft, Inc. v. Fitbit, Inc., No. 17-CV-05928-YGR, 2018 WL 1610690, at *10 15 n.12 (N.D. Cal. Apr. 3, 2018) (distinguishing Berkheimer where the plaintiff failed “to identify 16 any portion of the specification which describe[d] the purportedly inventive” concept); Uniloc 17 USA, Inc. v. Apple Inc., No. C 18-00358 WHA, 2018 WL 2287675, at *7 (N.D. Cal. May 18, 18 2018) (same). Both steps are informed by the claims and the specification. See Amdocs (Israel) 19 Ltd. v. Openet Telecom, Inc., 841 F.3d 1288, 1299 (Fed. Cir. 2016).2 20 III. DISCUSSION 21 The ’116 patent is titled “System and Method for Unified Threat Management with a 22 Relational Rules Methodology.” ECF No. 1-1 at 79. According to the specification, various kinds 23 of software were developed to guard against a host of different attacks. Id. at 99. The defenses 24 involved included “anti-virus software, anti-spam software, firewalls (both software and 25 26 27 28 The Federal Circuit has expressed “some doubt” as to whether it is appropriate to dismiss a claim on patent eligibility grounds prior to claim construction. Aatrix Software, Inc. v. Green Shades Software, Inc., 882 F.3d 1121, 1125 (Fed. Cir. 2018). But see MyMail, Ltd. v. ooVoo, LLC, No. 17-CV-04487-LHK, 2018 WL 1367385, at *4 (N.D. Cal. Mar. 16, 2018) (dismissing claims as ineligible without claim construction after Aatrix). The Court need not address that question because it denies the motion for judgment on the pleadings. 3 2 1 hardware), defenses against Denial-of-Service (DOS) attacks, anti-phishing technology, and so 2 forth. Id. These different software-based defenses developed as a “‘jumble’ of separate programs 3 or appliances,” leading to a great deal of complexity and redundancy as IT administrators 4 deployed software with overlapping capabilities. Id. (internal quotation marks in original). The 5 prior art placed those functions together in one UTM on a security gateway, but “security checks 6 [were] invoked at each decision point and the results [were] not shared among security features[,] 7 leading to a duplication of the checks and inefficient processing of rules.” Id. at 101. The ’116 8 patent’s hierarchical and relational approach to security eliminates this redundancy and “detects 9 and rejects bad data [] as soon as possible.” Id. at 102. A. 11 United States District Court Northern District of California 10 Claim 1 recites 12 13 Claim 1 A method of controlling access to a networked device, the method comprising: receiving an incoming message packet by a security gateway coupled to said networked device; 14 15 evaluating the received message packet to determine if the received message packet is compliant with a first test, the first test corresponding to a first level of a security hierarchy implemented by said security gateway, wherein the security hierarchy establishes a relationship between security functions from a lowest level to a highest level; and 16 17 18 the received packet is rejected at the earliest possible operation in the processing of the packet in the security hierarchy; 19 20 21 22 23 24 25 26 forwarding the received packet and an indication of its compliance with the first test for subsequent processing upon the received packet complying with the first test; and dropping the received packet whereby no further processing of the received packet is performed upon the received packet not complying with the first test. ECF No. 1-1 at 111. Zscaler argues claim 1 is abstract because “[s]tripped of computer jargon,” it “boils down 27 to . . . functional results: (i) receiv[ing] a packet; (ii) subject[ing] the packet to a first test in a 28 sequence of tests; and then (iii) forward[ing] the packet for further tests if it passes, or else 4 1 drop[ping] the packet if it fails.” ECF No. 190 at 10. Zscaler analogizes the claim to a human 2 resources manager receiving a job application, checking if there are open positions, and dropping 3 the application if not, but checking further for requisite training or experience if so. Id. at 11. 4 Symantec’s own description in its brief makes clear that claim 1 addresses an abstract concept: 5 organizing security tests into an information sharing hierarchy. ECF No. 194 at 16 (describing 6 “a security hierarchy that establishes a relationship between security functions, forwarding the 7 packet with an indication of compliance, and rejecting packets at the earliest possible 8 operation”). The Federal Circuit held that “[u]sing organizational and product group hierarchies 9 . . . is an abstract idea that has no particular concrete or tangible form or application. It is a building block, a basic conceptual framework for organizing information, similar to the claims 11 United States District Court Northern District of California 10 involving collecting, recognizing, and storing data in Content Extraction and the claims in 12 CyberSource.” Versata Dev. Grp., Inc. v. SAP Am., Inc., 793 F.3d 1306, 1333–34 (Fed. Cir. 13 2015) (citing Content Extraction & Transmission LLC v. Wells Fargo Bank, National Ass’n, 776 14 F.3d 1343 (Fed. Cir. 2014); CyberSource Corp. v. Retail Decisions, Inc., 654 F.3d 1366 (Fed. 15 Cir. 2011)). Because claim 1 does nothing more than relate security tests or functions in a 16 hierarchy, and share information, it is abstract. See FairWarning IP, LLC v. Iatric Sys., Inc., 839 17 F.3d 1089, 1094 (Fed. Cir. 2016) (finding claims “directed to collecting and analyzing 18 information to detect misuse and notifying a user when misuse is detected” abstract because they 19 are “merely directed to a combination of these abstract-idea categories”). 20 However, construing the claims in the manner most favorable to Symantec, Entler v. 21 Gregoire, 872 F.3d 1031, 1043 (9th Cir. 2017); Aatrix Software, Inc. v. Green Shades Software, 22 Inc., 882 F.3d 1121, 1124 (Fed. Cir. 2018), the ordered combination of elements in claim 1 is 23 inventive, at least at this preliminary stage. The specification makes clear that while the method of 24 placing disparate security functions together on a single UTM was in the prior art, organizing that 25 UTM’s functions or tests in any relational or hierarchical manner that shared information between 26 the various tests was not. ECF No. 1-1 at 99 (noting disadvantages with known UTM appliances); 27 see also id. at 100-101 (describing that tests were bolted onto UTMs without sharing results 28 between tests). These improvements are captured in claim 1, for example, through language 5 1 describing that message packets go to a test at “a first level of a security hierarchy,” and an 2 indication of compliance passes between tests. ECF No. 1-1 at 111. Based on the patent’s 3 discussion of the novelty of a hierarchical organization and information sharing system for UTMs, 4 the “question of whether a claim element or combination of elements is well-understood, routine 5 and conventional to a skilled artisan in the relevant field is a question of fact.” Berkheimer, 881 F. 6 3d at 1368. 7 B. Claim 5 8 Claim 5 recites 9 10 A method of controlling access to a networked device, the method comprising: United States District Court Northern District of California 11 receiving a plurality of incoming message packets by a security gateway coupled to said networked device; 12 identifying, at a level of a security hierarchy implemented by said security gateway, a subset of the plurality of incoming message packets as being an attack on the networked device, wherein the security hierarchy establishes a relationship between security functions from a lowest level to a highest level; 13 14 15 16 determining a plurality of indicator parameters of the identified subset of attacking message packets; 17 dynamically defining an attack defense processing rule as a function of the determined plurality of indicator parameters, wherein said attack defense processing rule may be at any level of said security hierarchy; and 18 19 20 applying the attack defense processing rule to subsequently received incoming message packets to fend off the identified attack. 21 22 ECF No. 1-1 at 111. 23 Claim 5 adds some detail to the patent’s general process, for example by determining 24 indicator parameters for an incoming packet, dynamically defining a rule based on those 25 indicators, and applying that rule to future attacks. Id. Zscaler analogizes the claim to sorting 26 mail: After noting characteristics of unwanted mail, such a bulk-rate stamp, an assistant might 27 develop a rule and throw away mail with that characteristic in the future. ECF No. 190 at 13. 28 6 1 Zscaler’s analogy overlooks that the rules are applied hierarchically, but as discussed, a 2 hierarchical arrangement will not keep a claim from abstraction. See Versata, 793 F.3d at 1333– 3 34; see also Fitbit Inc. v. AliphCom, No. 16-CV-00118-BLF, 2017 WL 819235, at *10 (N.D. Cal. 4 Mar. 2, 2017), reconsideration denied, No. 16-CV-00118-BLF, 2017 WL 3129989 (N.D. Cal. 5 July 24, 2017) (finding abstract the “general idea of data collection and reporting, but just applied 6 in the narrower context of reporting cumulative activity level”). Symantec argues the claim is not abstract because it dynamically defines rules at specific 7 levels in the hierarchy and applies those rules in subsequent attacks. ECF No. 194 at 23 9 (explaining the “multi-layered approach” “establishes a relationship between security functions 10 from a lowest level to a highest level”). Nothing in the patent, however, describes in what way 11 United States District Court Northern District of California 8 dynamically defining improves functionality, both because the phrase fails to describe how it 12 dynamically defines, and because it does not explain that dynamically defining improves any 13 computer function. Symantec also argues that by “dynamically defining” a rule, claim 5 can 14 “fend off a newly identified attack.” ECF No. 194 at 25. But neither Symantec’s reference nor 15 the Court’s own review reveals patent text that supports this argument. See ECF No. 194 at 22 16 (asserting “[t]he solution to the problem of fending off newly identified threats is captured in 17 Claim 5” without describing at all that, or how, claim 5 identifies new threats); ECF No. 1-1 at 18 111. In Finjan, the Federal Circuit concluded that a patent that behaviorally scanned a 19 downloadable file, and attached the scan results to that file, was not abstract because behavior- 20 based scanning improved computer functionality, and attaching the result allowed for “granular 21 information about potentially suspicious code.” Finjan, 879 F.3d at 1304. Claim 5 here is 22 distinguishable from the claim at issue in Finjan because that patent claimed a specific method, 23 behavioral scanning and attaching, to improve functionality and to avoid abstraction, whereas 24 here the patent simply describes a result: hierarchical scanning. Id. at 1304-1305 (distinguishing 25 the non-abstract patent because it specifically describes how the result is carried out).3 On 26 27 28 The phrase or term that comes closest to explaining “how” in claim 5 is “dynamically defining.” ECF No. 1-1 at 111. The Court will soon construe this term following a Markman hearing. The Court’s conclusion that claim 5 is abstract is only bolstered by Symantec’s proposal to either not construe dynamically define, or alternatively to define it as “in response to the attack,” neither of 7 3 1 2 balance, claim 5 is abstract. But at this procedural stage, the claim is saved at the inventiveness step. Unlike claim 1, 3 claim 5 fails to capture one of the ’116 patent’s purported inventive features: sharing information 4 between the related tests or functions. ECF No. 1-1 at 100-101. Claim 5 says nothing about 5 information sharing. Id. at 111. But it may be that the security hierarchy alone improved on the 6 prior art. See ECF No. 1-1 at 101 [specification] (“Advantageously, the security hierarchy 7 facilitates configurable degrees of security protection.”); id. (“[T]he URR provides for dropping 8 undesired traffic at the earliest point of the security hierarchy.”). As Symantec explains, by 9 utilizing a hierarchy, the ’116 patent rejects data as soon as possible, which improves upon prior UTMs which always scanned each of several tests. ECF No. 194 at 29. Like claim 1, claim 5 11 United States District Court Northern District of California 10 captures the specification’s claimed improvement in the form of setting up a relational, 12 hierarchical system for uniting the various functions. ECF No. 1-1 at 111 (“[T]he security 13 hierarchy establishes a relationship between security functions from a lower level to a highest 14 level[.]”). At the least, the specification raises an issue of fact as to inventiveness. See 15 Berkheimer, 881 F. 3d at 1368. CONCLUSION 16 17 18 19 20 21 22 For the aforementioned reasons, the Court DENIES Zscaler’s motion for judgment on the pleadings. IT IS SO ORDERED. Dated: July 23, 2018 ______________________________________ JON S. TIGAR United States District Judge 23 24 25 26 27 28 which offers guidance on how the result of hierarchical scanning is carried out. ECF No. 145-1 at 5-6. 8