Copyright infringement at the movies

Breaking news and expert analysis on legal and compliance issues

[Back To Home][Back To Archives]

From Intellectual Property Law Daily, January 10, 2018

District court erred in denying JMOL to Blue Coat in dispute over malware-protection patent

By Mark Engstrom, J.D.

Symantec subsidiary Blue Coat Systems was entitled to a post-verdict judgment of non-infringement of a Finjan patent on "Policy-based caching" for malware protection (U.S. Patent No. 6,965,968), the U.S. Court of Appeals for the Federal Circuit has ruled. The district court’s denial of Blue Coat’s motion for judgment as a matter of law (JMOL) was therefore reversed, with respect to that patent. However, substantial evidence supported a jury’s finding that Blue Coat had infringed two additional Finjan patents: a "System and method for attaching a downloadable security profile to a downloadable" (U.S. Patent No. 6,154,844) and a "Method and system for caching at secure gateways" (U.S. Patent No. 7,418,731). With respect to those patents, the judgment of the district court was affirmed. Finally, the Federal Circuit vacated a damages award for the non-infringed ’968 patent and affirmed a damages award for the ’731 patent. With respect to the ’844 patent, the court found that: (1) Finjan failed to apportion damages to the infringing functionality and (2) the royalty rate of $8 per user was insufficiently supported (Finjan, Inc. v. Blue Coat Systems, Inc., January 10, 2018, Dyk, T.).

After a jury found that Blue Coat had infringed four Finjan patents involving malware protection, the jury awarded Finjan nearly $39.5 million: $24 million for infringing the ’844 patent, $6 million for the ’731 patent, $7.75 million for the ’968 patent, and $1,666,700 for the ’633 patent (U.S. Patent No. 7,647,633). After a bench trial, the district court decided that the ’844 patent was directed to patent-eligible subject matter under 35 U.S.C. §101.

Thereafter, the district court denied Blue Coat’s motions for JMOL and a new trial, concluding that Finjan had provided substantial evidence to support each finding of infringement and the jury’s award of damages. Blue Coat appealed the district court’s rulings on subject matter eligibility of the ’844 patent; infringement of the ’844, ’731, and ’968 patents; and damages for all four patents.

Subject matter eligibility. The ’844 patent described a method of providing computer security by scanning a "downloadable" and then attaching the results of the scan—to the downloadable—in the form of a newly generated file: a "security profile" that identified suspicious code in the received downloadable. The question for the Federal Circuit was whether the patent’s "behavior-based" virus scan provided an improvement in computer functionality such that the patented idea was not abstract. The Federal Circuit found that it did.

According to the court, the method of representative Claim 1 employed a new kind of file that enabled a computer security system to do things that it could not previously do. The "security profile" approach allowed "tailored" access for different users, and it ensured that threats were identified before reaching a user’s computer. The fact that the security profile identified suspicious code allowed the system to accumulate and use newly available, behavior-based information about potential threats. The asserted claims were thus directed to a "non-abstract improvement in computer functionality, rather than the abstract idea of computer security writ large."

Even if the claims were directed to a new idea, Blue Coat argued, they remained unpatentably "abstract" because they failed to sufficiently describe how to implement the idea. The court disagreed. The claims recited more than a mere result; they recited specific steps—i.e., generating a security profile that identified suspicious code and linking it to a downloadable—that accomplished the desired result. Moreover, Blue Coat did not contend that the only thing disclosed was the result, rather than an inventive arrangement for accomplishing the result. In the court’s view, the idea was not abstract, and there was no need to proceed to the second step of the Alice analysis.

Infringement, ’844 patent. Blue Coat argued that the asserted claims, which required "linking a security profile to a downloadable ‘before a web server makes the Downloadable available to web clients,’" could be infringed only by a server-side product that evaluated content before it was published to the Internet. One of the accused products—Blue Coat’s WebPulse—was a cloud-based service that provided information about downloadables to a customer’s network gateway to help the gateway determine whether a particular downloadable could be accessed by a specific end user. In Blue Coat’s view, no infringement was possible because WebPulse evaluated downloadables that were already available on the Internet.

Again, the court disagreed. Blue Coat made no request for a claim construction that would require "linking the security profile to the downloadable before the downloadable [wa]s placed on the Internet," the court explained, and Blue Coat could not raise the claim construction issue for the first time in post-trial motions. The claim, as construed by the district court, required "linking by the inspector the first Downloadable security profile to the Downloadable before [a/the] non-network gateway web server make[s] the Downloadable available to web clients."

In the court’s view, the jury could reasonably interpret "web clients" to refer to the specific web clients that were protected by the claimed system. Likewise, the limitation requiring that linking occur before a downloadable was "ma[de] … available to web clients" could reasonably be understood to require that linking occur at some point before users were permitted to access the downloadable—but not necessarily before the downloadable was made available on the Internet.

Blue Coat conceded that, at the time a security profile is linked, the "particular web client cannot yet receive the downloadable—but the web server has made it available …." Given the undisputed evidence that WebPulse linked security profiles to downloadables before the downloadables could be received by users, the court found that the jury’s infringement verdict was supported by substantial evidence, with respect to the ’844 patent.

Infringement, ’731 patent. The ’731 patent described a computer gateway that protected a private intranet from malicious software embedded in webpages on the public Internet. The claimed gateway operated by scanning potentially malicious files and creating "security profiles" that comprised "a list of computer commands that the file is programmed to perform." Claim 17 specified that the security profile included "a list of at least one computer command that the retrieved file is programmed to perform."

Blue Coat argued that the ’731 patent was not infringed as a matter of law because the "security profiles" created by the accused product did not contain the requisite "list of computer commands." Because Blue Coat did not request a construction of the "list of commands" term, the Federal Circuit applied the ordinary meaning and concluded that substantial evidence supported the jury’s infringement verdict.

At trial, Finjan presented evidence showing that the accused product created a new file called "cookie2" each time it scanned an incoming file for potential malware. "Cookie2" comprised a set of fields, and each field represented various characteristics about the downloadable file. Fields 78–80 represented certain commands and showed whether those commands—such as eval(), unescape(), and document.write()—appeared in the incoming file. In fields 78–80, an integer represented the number of times each command appeared.

In the court’s view, substantial evidence supported the jury’s "implied" finding that the "list of commands" limitation was satisfied by the integers in Fields 78–80 of Cookie2. The ’731 patent was therefore infringed.

Infringement, ’968 patent. Blue Coat successfully argued that a judgment of non-infringement was warranted, with respect to the ’968 patent, because Finjan did not introduce substantial evidence to show that the accused products implemented the claimed "policy index."

The court noted that the ’968 patent was directed to a "policy-based" cache manager that could efficiently manage cached content according to a plurality of security policies. The policy-based cache manager in the ’968 patent was a data structure that tracked whether content was permitted under various policies. At claim construction, the parties stipulated that "policy index" meant "a data structure indicating allowability of cached content relative to a plurality of policies." The jury was instructed to apply, and the court tested the infringement verdict, based on that construction.

The policy index of the ’968 patent stored the "results" of a content evaluator’s determination of "whether a given digital content is allowable relative to a given policy," the court noted, but the accused product—Proxy SG, a gateway between an intranet of computers and the Internet at large—did not save final decisions about whether content could be accessed by users subject to a given policy; it simply stored the evaluation of each individual rule that went into making an ultimate policy decision. Because Finjan’s evidence failed to show that the accused product stored final allowability determinations, Blue Coat was entitled to a judgment of non-infringement.

Damages, ’844 patent. Blue Coat successfully argued that, in calculating a royalty base, Finjan failed to apportion damages to the infringing functionality. The Federal Circuit noted that, when the accused technology does not make up the whole of the accused product, apportionment is required. In those cases, the patentee must "give evidence tending to separate or apportion the [infringer]’s profits and the patentee’s damages between the patented feature and the unpatented features, and such evidence must be reliable and tangible, and not conjectural or speculative."

Blue Coat’s dynamic real-time rating engine (DRTR) is the part of its WebPulse product that analyzes URLs that have not been previously categorized. According to the court, DRTR performs both infringing and non-infringing functions. When a user requests access to a URL that is not in the WebPulse database, for example, DRTR analyzes the content, assigns a category or categories, and collects metadata about the site for further use. As part of that analysis, DRTR examines the URL for malicious or suspicious code, creates a type of "security profile" that highlights the information, and attaches the security profile to the given URL. That process infringes the ’844 patent, the court explained.

However, the DRTR also evaluates whether the URL fits into various categories, ranging from pornography to news, and the additional categories were unrelated to DRTR’s malware identification function. DRTR also collects metadata about the URL for Blue Coat’s later use. Ultimately, all of the infringing functionality occurs in DRTR, but some DRTR functions infringe and some do not.

At trial, Finjan tried to tie the royalty base to the incremental value of the infringement by multiplying WebPulse’s total number of users by the percentage of web traffic that passes through DRTR—the WebPulse component that performs the infringing method. DRTR processes roughly 4 percent of WebPulse’s total web requests, so Finjan established a royalty base by multiplying the 75 million worldwide WebPulse users by 4 percent.

According to Finjan, apportionment to DRTR was adequate because DRTR was the "smallest, identifiable technical component" that was tied to the footprint of the invention. In the court’s view, however, the fact that Finjan had established a royalty base that was based on the "smallest, identifiable technical component" did not insulate the company from the "essential requirement" that the "ultimate reasonable royalty award" be based on "the incremental value that the patented invention adds to the end product."

Because DRTR was a multi-component software engine that included non-infringing features, the percentage of web traffic that DRTR handled was not a proxy for the incremental value of the patented technology to WebPulse as a whole. According to the court, further apportionment was required to reflect the value of the patented technology compared to the value of the unpatented elements.

Further, to arrive at a lump sum reasonable royalty payment for infringement, Finjan multiplied the royalty base by a royalty rate of $8 per user. Blue Coat argued that Finjan failed to provide a basis for that rate, and the court agreed. There was no evidence to show that Finjan had ever used or proposed an $8-per-user fee in any comparable license or negotiation, the court explained.

In light of those findings, the court remanded the matter of damages, with respect to the ’844 patent, to the district court to determine whether: (1) Finjan had waived the right to establish reasonable royalty damages under a new theory and (2) a new trial on damages should be ordered.

Damages, ’731 and ’633 patents. For the ’731 and ’633 patents, Finjan apportioned the revenues for the royalty base between the infringing and non-infringing functionality of Proxy SG. According to Blue Coat, however, the apportionment was insufficient. The court disagreed. Although the record contained conflicting expert testimony, the existence of conflicting testimony did not mean that the damages award was unsupported by substantial evidence. Because the jury was entitled to believe the patentee’s expert, the damages awards for the infringement of the ’731 and ’633 patents were based on substantial evidence.

The case is No. 2016-2520.

Attorneys: Paul J. Andre (Kramer, Levin, Naftalis & Frankel, LLP) for Finjan, Inc. Mark A. Lemley (Durie Tangri LLP) for Blue Coat Systems, Inc.

Companies: Finjan, Inc.; Blue Coat Systems, Inc.

MainStory: TopStory Patent FedCirNews

Back to Top

IP Law Daily

Introducing Wolters Kluwer IP Law Daily — a daily reporting service created by attorneys, for attorneys — providing same-day coverage of breaking news, court decisions, legislation, and regulatory activity.


A complete daily report of the news that affects your world

  • View full summaries of federal and state court decisions.
  • Access full text of legislative and regulatory developments.
  • Customize your daily email by topic and/or jurisdiction.
  • Search archives for stories of interest.

Not just news — the right news

  • Get expert analysis written by subject matter specialists—created by attorneys for attorneys.
  • Track law firms and organizations in the headlines with our new “Who’s in the News” feature.
  • Promote your firm with our new reprint policy.

24/7 access for a 24/7 world

  • Forward information with special copyright permissions, encouraging collaboration between counsel and colleagues.
  • Save time with mobile apps for your BlackBerry, iPhone, iPad, Android, or Kindle.
  • Access all links from any mobile device without being prompted for user name and password.