from the United States District Court for the Northern
District of California in No. 5:13-cv-03999-BLF, Judge Beth
J. Andre, Kramer Levin Naftalis & Frankel LLP, Menlo
Park, CA, argued for plaintiff-appellee. Also represented by
James R. Hannah, Lisa Kobialka.
A. Lemley, Durie Tangri LLP, San Francisco, CA, argued for
defendant-appellant. Also represented by Sonali Deeksha
Maitra, Sonal Naresh Mehta, Clement Roberts; Olivia M. Kim,
Edward Poplawski, Wilson, Sonsini, Goodrich & Rosati,
P.C., Los Angeles, CA.
Dyk, Linn, and Hughes, Circuit Judges.
found Blue Coat Systems, Inc. ("Blue Coat") liable
for infringement of four patents owned by Finjan, Inc.
("Finjan") and awarded approximately $39.5 million
in reasonable royalty damages. After trial, the district
court concluded that the '844 patent was patent-eligible
under 35 U.S.C. § 101 and denied Blue Coat's
post-trial motions for judgment as a matter of law
("JMOL") and a new trial. Blue Coat appeals.
no error in the district court's subject matter
eligibility determination as to the '844 patent and agree
that substantial evidence supports the jury's finding of
infringement of the '844 and '731 patents. However,
we conclude that Blue Coat was entitled to JMOL of
non-infringement for the '968 patent because the accused
products do not perform the claimed "policy index"
limitation. On appeal, Blue Coat does not challenge the
verdict of infringement for the '633 patent.
respect to damages, we affirm the award with respect to the
'731 and '633 patents. We vacate the damages award
for the '968 patent, as there was no infringement. With
respect to the '844 patent, we agree with Blue Coat that
Finjan failed to apportion damages to the infringing
functionality and that the $8-per-user royalty rate was
unsupported by substantial evidence.
therefore affirm-in-part, reverse-in-part, and remand to the
district court for further consideration of the damages issue
as to the '844 patent.
August 28, 2013, Finjan brought suit against Blue Coat in the
Northern District of California for infringement of patents
owned by Finjan and directed to identifying and protecting
against malware. Four of those patents are at issue on
appeal. Claims 1, 7, 11, 14, and 41 of U.S. Patent No. 6,
154, 844 ("the '844 patent") recite a system
and method for providing computer security by attaching a
security profile to a downloadable. Claims 1 and 17 of U.S.
Patent No. 7, 418, 731 ("the '731 patent")
recite a system and method for providing computer security at
a network gateway by comparing security profiles associated
with requested files to the security policies of requesting
users. Claim 1 of U.S. Patent No. 6, 965, 968 ("the
'968 patent") recites a "policy-based cache
manager" that indicates the allowability of cached files
under a plurality of user security policies. Claim 14 of U.S
Patent No. 7, 647, 633 ("the '633 patent")
relates to a system and method for using "mobile code
runtime monitoring" to protect against malicious
trial, the jury found that Blue Coat infringed these four
patents and awarded Finjan approximately $39.5 million for
Blue Coat's infringement: $24 million for the '844
patent, $6 million for the '731 patent, $7.75 million for
the '968 patent, and $1, 666, 700 for the '633
patent. After a bench trial, the district court concluded
that the '844 patent is directed to patent-eligible
subject matter under 35 U.S.C. § 101.
the district court denied Blue Coat's motions for
judgment as a matter of law and a new trial, concluding that
Finjan had provided substantial evidence to support each
finding of infringement and the damages award. Blue Coat
appeals the district court's rulings on subject matter
eligibility of the '844 patent; infringement of the
'844, '731, and '968 patents; and damages for the
'844, '731, '968, and '633 patents. We have
jurisdiction pursuant to 28 U.S.C. § 1295(a)(1).
Subject Matter Eligibility of the '844 Patent
first address subject matter eligibility with respect to the
'844 patent. We review the district court's decision
de novo. McRO, Inc. v. Bandai Namco Games Am. Inc.,
837 F.3d 1299, 1311 (Fed. Cir. 2016).
101 provides that a patent may be obtained for "any new
and useful process, machine, manufacture, or composition of
matter, or any new and useful improvement thereof." 35
U.S.C. § 101. The Supreme Court has long recognized,
however, that § 101 implicitly excludes "laws of
nature, natural phenomena, and abstract ideas" from the
realm of patent-eligible subject matter, as monopolization of
these "basic tools of scientific and technological
work" would stifle the very innovation that the patent
system aims to promote. Alice Corp. v. CLS Bank
Int'l, 134 S.Ct. 2347, 2354 (2014) (quoting
Ass'n for Molecular Pathology v. Myriad Genetics,
Inc., 133 S.Ct. 2107, 2116 (2013)); see also Mayo
Collaborative Servs. v. Prometheus Labs., Inc., 132
S.Ct. 1289, 1294-97 (2012); Diamond v. Diehr, 450
U.S. 175, 185 (1981).
Supreme Court has instructed us to use a two-step framework
to "distinguish patents that claim laws of nature,
natural phenomena, and abstract ideas from those that claim
patent-eligible applications of those concepts."
Alice, 134 S.Ct. at 2355. At the first step, we
determine whether the claims at issue are "directed
to" a patent-ineligible concept. Id. If they
are, we then "consider the elements of each claim both
individually and 'as an ordered combination' to
determine whether the additional elements 'transform the
nature of the claim' into a patent-eligible
application." Id. (quoting Mayo, 132
S.Ct. at 1298). This is the search for an "inventive
concept"- something sufficient to ensure that the claim
amounts to "significantly more" than the abstract
idea itself. Id. (quoting Mayo, 132 S.Ct.
at step one, we must first examine the '844 patent's
"claimed advance" to determine whether the claims
are directed to an abstract idea. Affinity Labs of Tex.,
LLC v. DIRECTV, LLC, 838 F.3d 1253, 1257 (Fed. Cir.
2016). In cases involving software innovations, this inquiry
often turns on whether the claims focus on "the specific
asserted improvement in computer capabilities . . . or,
instead, on a process that qualifies as an 'abstract
idea' for which computers are invoked merely as a
tool." Enfish, LLC v. Microsoft Corp., 822 F.3d
1327, 1335-36 (Fed. Cir. 2016).
'844 patent is directed to a method of providing computer
security by scanning a downloadable and attaching the results
of that scan to the downloadable itself in the form of a
"security profile." Claim 1 of the '844 patent,
which the district court found representative for § 101
1. A method comprising:
receiving by an inspector a Downloadable;
generating by the inspector a first Downloadable security
profile that identifies suspicious code in the received
linking by the inspector the first Downloadable security
profile to the Downloadable before a web server makes the
Downloadable available to web clients.
'844 patent, col. 11 ll. 11-21. At claim construction,
the parties agreed that "Downloadable" should be
construed to mean "an executable application program,
which is downloaded from a source computer and run on the
destination computer." Additionally, the district court
construed "Downloadable security profile that identifies
suspicious code in the received Downloadable" to mean
"a profile that identifies code in the received
Downloadable that performs hostile or potentially hostile
determined in Intellectual Ventures I LLC v. Symantec
Corp., 838 F.3d 1307, 1319 (Fed. Cir. 2016), that
"[b]y itself, virus screening is well-known and
constitutes an abstract idea." We also found that
performing the virus scan on an intermediary computer-so as
to ensure that files are scanned before they can reach a
user's computer-is a "perfectly conventional"
approach and is also abstract. Id. at 1321. Here the
claimed method does a good deal more.
of the '844 patent scans a downloadable and attaches the
virus scan results to the downloadable in the form of a newly
generated file: a "security profile that identifies
suspicious code in the received Downloadable." The
district court's claim construction decision emphasizes
that this "identif[y] suspicious code" limitation
can only be satisfied if the security profile includes
"details about the suspicious code in the received
downloadable, such as . . . 'all potentially hostile or
suspicious code operations that may be attempted by the
Downloadable.'" Finjan, Inc. v. Blue Coat Sys.,
Inc., No. 13-CV-03999-BLF, 2014 WL 5361976, at *9 (N.D.
Cal. Oct. 20, 2014). The security profile must include the
information about potentially hostile operations
produced by a "behavior-based" virus scan. This
operation is distinguished from traditional,
"code-matching" virus scans that are limited to
recognizing the presence of previously-identified viruses,
typically by comparing the code in a downloadable to a
database of known suspicious code. The question, then, is
whether this behavior-based virus scan in the '844 patent
constitutes an improvement in computer functionality. We
think it does.
"behavior-based" approach to virus scanning was
pioneered by Finjan and is disclosed in the '844
patent's specification. In contrast to traditional
"code-matching" systems, which simply look for the
presence of known viruses, "behavior-based" scans
can analyze a downloadable's code and determine whether
it performs potentially dangerous or unwanted operations-such
as renaming or deleting files. Because security profiles
communicate the granular information about potentially
suspicious code made available by behavior-based scans, they
can be used to protect against previously unknown viruses as