Finjan, LLC v. Qualys Inc., No. 4:2018cv07229 - Document 188 (N.D. Cal. 2021)

Court Description: ORDER ORDER GRANTING IN PART AND DENYING IN PART DEFENDANTS MOTION TO STRIKE by Judge Yvonne Gonzalez Rogers ;granting 156 Administrative Motion to File Under Seal; granting 157 Administrative Motion to File Under Seal; granting in part and denying in part 158 Motion to Strike ; granting 163 Administrative Motion to File Under Seal. (fs, COURT STAFF) (Filed on 4/5/2021)
Download PDF
Finjan, LLC v. Qualys Inc. Doc. 188 1 2 3 UNITED STATES DISTRICT COURT 4 NORTHERN DISTRICT OF CALIFORNIA 5 6 FINJAN, INC., CASE NO. 4:18-cv-07229-YGR Plaintiff, 7 ORDER GRANTING IN PART AND DENYING IN PART DEFENDANT’S MOTION TO STRIKE vs. 8 9 QUALYS INC., Re: Dkt. No. 156, 157, 158, 163 Defendant. 10 United States District Court Northern District of California 11 12 Plaintiff Finjan, Inc. (“Finjan”) brings this patent infringement action against defendant 13 Qualys Inc. (“Qualys”) for direct and indirect infringement of its patents. Now before the Court is 14 Qualys’ motion strike certain portions of Finjan’s infringement and damages expert reports. (Dkt. 15 No. 158 (“Mot.”).) Qualys contends that Finjan’s expert, Dr. Nenad Medvidovic, introduced six 16 new theories in his report that were not disclosed in Finjan’s infringement contentions. Having 17 carefully considered the pleadings and the papers submitted,1 the Court GRANTS IN PART and 18 DENIES IN PART Qualys’ motion to strike. 19 I. BACKGROUND 20 Finjan accuses Qualys of infringing several patents, including U.S. Patent No. 8,225,408 21 (the “’408 Patent”). The ’408 Patent broadly relates to scanning content for “exploits” (security 22 vulnerabilities). (See ’408 Patent at 1:59-64.) It does so using a scanner that is specific to each 23 programming language and that includes rules to dynamically break down incoming content into 24 “tokens” and analyze patterns in those tokens. (See id. at 1:65-2:19.) Claim 1 recites: 25 26 1. A computer processor-based multi-lingual method for scanning incoming program code, comprising: 27 28 1 The Court finds the motion appropriate for resolution without oral argument and the matter is deemed submitted. Dockets.Justia.com receiving, by a computer, an incoming stream of program code; 1 determining, by the computer, any specific one of a plurality of programming languages in which the incoming stream is written; 2 3 7 instantiating, by the computer, a scanner for the specific programming language, in response to said determining, the scanner comprising parser rules and analyzer rules for the specific programming language, wherein the parser rules define certain patterns in terms of tokens, tokens being lexical constructs for the specific programming language, and wherein the analyzer rules identify certain combinations of tokens and patterns as being indicators of potential exploits, exploits being portions of program code that are malicious; 8 identifying, by the computer, individual tokens within the incoming stream; 4 5 6 9 dynamically building, by the computer while said receiving receives the incoming stream, a parse tree whose nodes represent tokens and patterns in accordance with the parser rules; 10 United States District Court Northern District of California 11 dynamically detecting, by the computer while said dynamically building builds the parse tree, combinations of nodes in the parse tree which are indicators of potential exploits, based on the analyzer rules; and 12 13 indicating, by the computer, the presence of potential exploits within the incoming stream, based on said dynamically detecting. 14 15 16 Finjan accuses the Qualys Cloud Platform, which comprises several interrelated products. 17 (Dkt. No. 1 (“Complaint”) ¶ 35; see Dkt. No. 164-3 (“Medvidovic Report”) ¶ 94.) Finjan served 18 its infringement contentions on April 19, 2019, describing generally how “each of the Accused 19 Products” meets the claim limitations. (Dkt. No. 158-6 (“Contentions”) at 2-18.) Fact discovery 20 closed on October 1, 2020, and the parties served their opening expert reports six weeks after that. 21 (Dkt. Nos. 39, 78.) Dr. Medvidovic and Dr. Eric Cole opined on infringement on behalf of Finjan. 22 (Medvidovic Report; Dkt. No. 158-3 (“Cole Report”).) Dr. DeForest McDuff opined on damages. 23 (Dkt. No. 158-4 (“McDuff Report”).) 24 II. 25 LEGAL STANDARD The Patent Local Rules “require parties to crystallize their theories of the case early in the 26 litigation and to adhere to those theories once they have been disclosed.” Simpson Strong-Tie Co., 27 Inc. v. Oz-Post Int’l, LLC, 411 F. Supp. 3d 975, 980-81 (N.D. Cal. 2019) (citation omitted). 28 Specifically, Patent Local Rule 3-1 requires a party asserting patent infringement to disclose each 2 United States District Court Northern District of California 1 “Accused Instrumentality” separately for each asserted claim, together with a chart “identifying 2 specifically where and how each limitation of each asserted claim is found within each Accused 3 Instrumentality.” Patent L.R. 3-1(b). Once these disclosures are made, they can only be amended 4 by Court order upon a showing of good cause. Patent L.R. 3-6. 5 The purpose of these rules is to “provide structure to discovery and to enable the parties to 6 move efficiently toward claim construction and the eventual resolution of their dispute.” Huawei 7 Techs., Co., Ltd v. Samsung Elecs. Co, Ltd., 340 F. Supp. 3d 934, 945 (N.D. Cal.2018) (citation 8 omitted). As such, “a party may not use an expert report to introduce new infringement theories, 9 new infringing instrumentalities, new invalidity theories, or new prior art references not disclosed 10 in the parties’ infringement contentions or invalidity contentions.” Looksmart Group, Inc. v. 11 Microsoft Corp., 386 F. Supp. 3d 1222, 1227 (N.D. Cal. 2019) (citation omitted). Undisclosed 12 theories “are barred . . . from presentation at trial (whether through expert opinion testimony or 13 otherwise).” MediaTek Inc. v. Freescale Semiconductor, Inc., No. 11-CV-5341-YGR, 2014 WL 14 690161, at *1 (N.D. Cal. Feb. 21, 2014). 15 A theory, however, is not the same as proof of that theory. Parties “need not ‘prove up’” 16 their case in contentions, and a patentee need only “provide reasonable notice to defendant why 17 [it] believes it has a reasonable chance of proving infringement.” Finjan, Inc. v. Blue Coat Sys., 18 Inc., No. 13-cv-03999-BLF, 2015 WL 3640694, at *2 (N.D. Cal. June 11, 2015) (citations and 19 quotation marks omitted). Courts thus distinguish “identification of the precise element of any 20 accused product alleged to practice a particular claim limitation” and “every evidentiary item of 21 proof showing that the accused element did in fact practice the limitation.” Genetech, Inc. v. Tr. of 22 Univ. of Penn., No. C 10-2037 LHK (PSG), 2012 WL 424985, at *1 (N.D. Cal. Feb. 9, 2012) 23 (citation and internal quotation marks omitted) (emphasis in original). In deciding whether to 24 strike expert testimony, the dispositive question is whether “the expert permissibly specified the 25 application of a disclosed theory” or “impermissibly substituted a new theory altogether.” Digital 26 Reg of Tex., LLC v. Adobe Sys. Inc., No. CV 12-01971-CW (KAW), 2014 WL 1653131, at *2 27 (N.D. Cal. Apr. 24, 2014) (citation omitted). 28 3 1 United States District Court Northern District of California 2 III. ANALYSIS Finjan moves to strike six “theories” in Dr. Medvidovic’s report, including purportedly 3 new theories related to (1) the Cloud Agent, (2) dynamically building a parse tree and detecting 4 exploits, (3) receiving content, (4) date of first infringement, (5) doctrine of equivalents, and (6) 5 foreign sales.2 The Court addresses each. 6 A. 7 Qualys first moves to strike Finjan’s Cloud Agent theories. According to Dr. Medvidovic, Cloud Agents 8 the accused Qualys Cloud Platform collects data through either a scanner—a physical or virtual 9 appliance deployed on a network—or a Cloud Agent, which is an application that resides on the 10 endpoint itself (e.g., on a laptop). (Medvidovic Report ¶¶ 96-100.) Dr. Medvidovic opines that 11 both methods satisfy the limitations of “scanning incoming code” and “receiving, by a computer, 12 an incoming stream of program code.” (Id. ¶¶ 183, 185, 187 & n.6, 195-96.) 13 In addition, Dr. Medvidovic opines that the Cloud Agent provides alternatives methods for 14 performing other steps, including determining a programming language (¶ 214), applying analyzer 15 rules (¶¶ 235-38), identifying individual tokens (¶ 258), dynamically building a parse tree (¶¶ 287- 16 89), dynamically detecting exploits (¶¶ 303-09), and indicating the presence of the exploit (¶¶ 325, 17 327). These opinions are incorporated into Dr. Medvidovic’s damages analysis, in so far as it does 18 not change where cloud agents in place of scanners are used. (Id. ¶ 446.) 19 Finjan’s infringement contentions did not identify the Cloud Agent for any limitation. 20 With respect to the “receiving” limitation, Finjan’s contentions disclosed that “[e]ach of the 21 Accused Products” receives incoming content in two ways: first, when executed “on a node that is 22 part of the Qualys Cloud computing environment,” and second, when residing on “Appliance 23 Scanners” dispersed as “endpoints throughout the computer network.” (Contentions at 2, 3-4.) 24 Qualys correctly points out that this does not specifically disclose a Cloud Agent. However, it 25 also does not specifically disclose a scanner (which does not reside at the endpoints). Instead, the 26 27 28 2 Following the filing of the motion, the parties stipulated to dismiss claim 29 of the ’408 Patent. (Dkt. No. 185.) The Court therefore denies the motion to strike paragraphs 415-19 and 427-30 as moot. 4 United States District Court Northern District of California 1 contentions appear to generically disclose that the accused product may reside on either the node 2 or the endpoint when receiving data. 3 While these contentions could have been more specific, the Court finds that Finjan 4 sufficiently disclosed its overall theory for this limitation. Finjan specifically identified the Cloud 5 Agent as an accused product in its initial disclosures (see Dkt. No. 164-4 at 4), and thus disclosed 6 the possibility of receiving content with a Cloud Agent at an endpoint. A comparison with other 7 contentions shows that Finjan performed a similar analysis for other patents, but then specifically 8 listed a “scanner” for each individual product as performing the claimed functions. (See Dkt. No. 9 100-11 at 180, 193 (showing the products at a node and endpoints), 189 (a “scanner for Cloud 10 Agent”).) The difference in specificity between these contentions appears to stem from the claim 11 language: claim 1 requires receiving content “by a computer,” and Dr. Medvidovic opines that the 12 computer is a “scanner engine,” “WAS scanner,” or “Qualys Cloud Platform working with a 13 Cloud Agent”—not the Cloud Agent itself. (See Medvidovic Report ¶ 185.) As such, Finjan did 14 not introduce a new theory by failing to specify that the Cloud Agent collects the data before the 15 “computer” associated with the Cloud Agent receives it.3 16 With respect to the other limitations, the difference between the contentions and the report 17 appear to be largely superficial. For instance, Dr. Medvidovic opines that both a scanner engine 18 and a server associated with a Cloud Agent search for exploits. (Id. ¶¶ 229-37; see also id. ¶¶ 257- 19 58 .) Finjan’s contentions broadly disclosed this theory. (See Contentions at 13-14.) Indeed, 20 some of the opinions that Qualys seeks to strike apparently conflate Cloud Agent and network 21 scanner functionality. (See, e.g., Medvidovic Report ¶¶ 325-27 (explaining that a Cloud Agent 22 provides “an internal view” while the scanner provides an “external view”).) Qualys therefore has 23 not shown that these are substantively new theories, as opposed to alternative ways of performing 24 the same accused functionality disclosed in contentions. Dr. Medvidovic’s opinions are therefore 25 properly considered an application of a theory, rather than a new theory itself. 26 27 28 3 Qualys agrees that the Cloud Agent does not itself scan data, which means that the “computer” that performs these functions must be the Cloud Platform server associated with the Cloud Agent. (Dkt. No. 157 at 3.) 5 1 Accordingly, the Court denies Qualys’ motion to strike the “Cloud Agent” theories. 2 B. 3 Qualys next argues that Dr. Medvidovic introduces new theories for “dynamic” exploit 4 detection, while also accusing new components. Claim 1 requires “dynamically building . . . a 5 parse tree” and then “dynamically detecting . . . indicators of potential exploits.”4 (’408 Patent at 6 claim 1.) In its contentions, Finjan disclosed that the accused products meet this limitation by 7 building XML parse trees “[d]uring the scans.” (Contentions at 15.) While Finjan pointed to 8 specific code for the tree building, it did not explain its basis for the contention that this process 9 happened during the scan. United States District Court Northern District of California 10 Dynamic Building and Detection In his report, Dr. Medvidovic opines on the same XML tree theory, and further claims that 11 the trees are built “immediately and while data is being received,” pointing to (1) deposition 12 testimony, (2) the use of parallelization, (3) evidence that the Qualys backend receives and 13 presents “partial results,” and (4) documents describing “real-time” collection. (Medvidovic 14 Report ¶¶ 262, 282-86, 290, 298-99, 302-20.) Of these, only parallelization presents an arguably 15 new theory; the rest is simply additional evidence that tree building and exploit detection occur 16 “during” the scan. Finjan was not obligated to disclose every bit of proof that it intends to rely on 17 in its contentions, and Qualys has not shown these to be new theories. See Finjan, Inc. v. Check 18 Point Software Techs., Inc., No. 18-cv-02621-WHO, 2019 WL 955000, at *3 (Feb. 27, 2019). 19 Qualys separately argues that Finjan accuses new components for the parse tree building in 20 the Medvidovic Report by discussing a “Unified Dashboard” that uses “Qualys Query Language” 21 that parses queries using a parse tree (Medvidovic Report ¶¶ 267-74) and “Mandate Based 22 Reporting” that “use[s] a tree structure.” (Id. ¶¶ 291-92.) Although Finjan claims that these 23 features are used by the “QWeb” disclosed in contentions, the theories are new on their face. (See 24 id. ¶¶ 266-74 (expressly discussing the Unified Dashboard as separate from the XML parse trees 25 discussed above), 291 (expressly discussing “another example” of Mandate Based Reporting as a 26 27 28 4 The parties disagree on the construction of these terms. Such claim construction disputes are not properly resolved on a motion to strike, and the Court here considers only whether Finjan adhered to its previously disclosed theories. 6 1 separate feature). However, the Court cannot determine that the additional evidence related to 2 XML trees constitutes a new theory. (Id. ¶¶ 276-81, 287-89, 293-300, 316-320, 303-05, 306-09.) 3 United States District Court Northern District of California 4 Accordingly, the Court strikes the Unified Dashboard and Mandate Based Reporting theories only. (Id. ¶¶ 267-74, 291-92.) 5 C. 6 Next, Qualys seeks to strike Dr. Medvidovic’s opinions regarding “Vulnerability Features” Receiving 7 that practice the limitation of “receiving, by a computer, an incoming stream of program code.” 8 Finjan’s contentions state that the accused products receive content “based on a client device 9 requesting the content from a source computer, such as the Internet” and “when a particular client 10 device requests content provided by a source computer.” (Contentions at 2-4.) Dr. Medvidovic, 11 however, opines that the accused “Vulnerability Features” perform their network scans to detect 12 vulnerabilities and policy compliance regardless of content requests and may receive data from 13 client devices on the same network. (See Medvidovic Report ¶¶ 184-97.) 14 The Court has reviewed these portions of the report and cannot determine that they present 15 a new theory. In particular, the Court cannot determine that the features described by Dr. 16 Medvidovic do not involve a client device requesting content from any source computer. That the 17 data is not directly received from the Internet does not appear to be dispositive. Nor is the use of 18 internal networks, as opposed to the Internet specifically. Accordingly, the Court denies Qualys’ 19 motion to strike these theories, without prejudice to renewal should Qualys demonstrate that 20 vulnerability scanning is not “based” on requests for content by the client device.5 21 D. 22 Qualys seeks to preclude Dr. Medvidovic from testifying that infringement occurred “no Date of First Infringement 23 earlier than 2005” (implying that infringement could have occurred in 2005 or later). (Medvidovic 24 Report ¶ 21.) In its contentions, Finjan listed November 29, 2018 as the theoretical date of first 25 infringement. (Dkt. No. 100-1 at 11.) This is plainly a new theory and is struck. Finjan’s claim 26 27 28 5 The parties further dispute the location of the disclosed “receiver,” the use of multiple components together, the distinction between the Internet and other “networks,” and Cloud Agents. These additional disputes obscure Qualys’ main point. 7 United States District Court Northern District of California 1 that Dr. Medvidovic’s opinion is not about the date of first infringement is disingenuous—the 2 heading in the report states “Date of First Infringement.” (See Medvidovic Report § IV.A.) 3 However, the Court sees no basis to strike the opinions about current functionality of Qualys 4 products, which are not related to dates of infringement. (Id. ¶¶ 262, 277-83.) 5 Accordingly, the Court strikes paragraphs 21 and 22 only. 6 E. 7 Qualys next moves Dr. Medvidovic’s doctrine of equivalents theory for the limitation Doctrine of Equivalents 8 regarding a programming-language specific scanner containing parser rules for the language 9 (limitation 1d). (Medvidovic Report ¶¶ 250-53.) Dr. Medvidovic opines that the Qualys Cloud 10 Platform performs the same function, in the same way, and with the same results (the “function- 11 way-result” test) through software components that take the place of a physical scanner. (Id.) In 12 its contentions, Finjan disclosed this exact theory. (See Contentions at 13 (referring to software 13 components).) Although Qualys claims these contentions to be “vague,” they are only a little less 14 detailed than Dr. Medvidovic’s ultimate opinions. 15 Accordingly, the Court denies Qualys’ request to strike the doctrine of equivalents theory. 16 F. 17 Qualys last moves Finjan’s experts’ opinions related to foreign sales, including paragraphs Foreign Sales 18 172-74 of the Medvidovic Report; paragraphs 1186, 1188-89, and 1871-73 of the Cole Report; 19 and paragraphs 8c, 13, 78, 87, 126, Tables 7 and 8, and Attachments B-1, B-2, B-4, B-5, B-6, B-8, 20 C-2, and J-1 of the McDuff Report. 21 The issue of foreign sales has already been decided: Magistrate Judge Hixson denied 22 Finjan’s motion to compel discovery into Qualys’ foreign sales as unsupported by its infringement 23 claims, and this Court agreed. (See Dkt. Nos. 105, 152.) As explained by Judge Hixson, “no 24 infringement occurs when a patented product is made and sold in another country.” (Dkt. No. 105 25 at 1.) This is true for both system and computer-readable medium claims. (Dkt. No. 152 at 2.) 26 Finjan’s infringement theories, as stated in its contentions, did not show infringement for products 27 sold abroad, so as to make such sales relevant to any claim. 28 Finjan now argues that these decisions “did not remove the subject of ‘foreign sales’ from 8 1 the scope of trial” because the orders were based on theories of “mere development” of the 2 accused products in the United States. This claim is baffling. The orders were based on 3 infringement theories disclosed in Finjan’s infringement contentions. To the extent that Finjan 4 now relies on a different theory, it was not disclosed in contentions. To the extent that it relies on 5 the old theory, foreign sales are not relevant. Finjan’s experts appear to opine that foreign sales are relevant because non-U.S. customers United States District Court Northern District of California 6 7 “benefit” from Qualys’ U.S.-based infringement. Dr. Medvidovic and Dr. Cole opine that U.S. 8 activities contribute to the “Knowledge Base” of security issues, which increases the value of 9 Qualys’ products abroad. (Medvidovic Report ¶ 173; Cole Report ¶ 1188.) They also opine that 10 foreign customers benefit from the research and development that takes place in the United States. 11 (Medvidovic report ¶ 174; Cole Report ¶ 1189.) As explained in the prior orders, however, Finjan 12 has not shown that these activities constitute infringement, so as to permit considering foreign 13 sales in damages calculations—and, indeed, the Court previously rejected the U.S. development 14 argument. (Dkt. No. 152.) Accordingly, these opinions, together with Dr. McDuff’s opinions that 15 consider global sales in a reasonable royalty analysis, are struck. 16 IV. 17 CONCLUSION For the foregoing reasons, the Court STRIKES Dr. Medvidovic’s date of first infringement 18 (¶¶ 21, 22), Unified Dashboard (¶¶ 267-74), and Mandate Based Reporting (¶¶ 291-92) theories. 19 The Court further strikes Finjan’s experts’ theories related to foreign sales, including: 20 Paragraphs 172-74 of the Medvidovic Report; 21 Paragraphs 1186, 1188-89, and 1871-73 of the Cole Report; and 22 Paragraphs 8c, 13, 78, 87, 126; Tables 7 and 8; and Attachments B-1, B-2, B-4, B5, B-6, B-8, C-2, and J-1 of the McDuff Report (global sales only). 23 24 The remainder of Qualys’ motion to strike is DENIED.6 25 26 27 28 6 The parties’ administrative motions to seal are GRANTED to the extent indicated in the supporting declarations only. (Dkt. Nos. 156, 157, 163; see Dkt. Nos. 156-1, 157-1, 161, 165, 166-67.) The sealed portions contain confidential licensing and financial information, as well as some technical information. The parties shall file unredacted versions of the exhibits for which good cause has not been shown (e.g., exhibits F and G of the opposition) within seven days. 9 1 IT IS SO ORDERED. 2 3 Dated: April 5, 2021 YVONNE GONZALEZ ROGERS UNITED STATES DISTRICT COURT JUDGE 4 5 6 7 8 9 10 United States District Court Northern District of California 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 10