Finjan patent lawsuit against Symantec back on track after patents escape IPR

Finjan Holdings, Inc. (NASDAQ: FNJN), the parent of wholly-owned subsidiary Finjan, Inc., announced several weeks ago that the Patent Trial and Appeal Board (PTAB) of the United States Patent & Trademark Office (USPTO) issued the final rulings on attempts by Symantec Corporation’s (NASDAQ: SYMC) to invalidate 8 different Finjan’s patents through inter partes review (“IPR”). In total, Symantec filed 11 separate IPR petitions, which collectively asserted 31 separate invalidity grounds. Finjan prevailed in 10 cases outright, with the PTAB refusing to institute IPR. In the 11^th case the PTAB did institute an IPR, but only as to 1 of 4 asserted grounds. In total, Finjan went 30 for 31 on asserted invalidity grounds, and 10 for 11 on institution overall.

This IPR battle unsuccessfully waged by Symantec against Finjan’s patents began after Finjan filed a patent infringement lawsuit in the United States Federal District Court for the Northern District of California. It is worth noting that Finjan, founded in 1997, developed and patented the cybersecurity technology that makes up its patent portfolio today. Since the sale of its hardware and software operations Finjan’s primary source of revenue has come from the licensing and enforcement of its patent rights and, therefore, some may say that the Finjan of today is a non-practicing entity. However, calling Finjan an NPE is not really accurate. Finjan Holdings, the public parent, operates a number of investments and operating businesses, including an investment in JVP Cyber Labs, their advisory services business CybeRisk Security Solutions and Finjan Mobile, which is a subsidiary.

Even if you were to lump Finjan incorrectly into the NPE category, as many do try and do, they defy classification on yet another important level — where they choose to litigate when necessary. Unlike many non-practicing entities who only file patent infringement lawsuits in the Eastern District of Texas, when they must sue Finjan frequently sues in the Northern District of California, as they did here. This sets them apart from your typical non-practicing entity or NPE.

The Northern District of California is where Finjan is headquartered, and it is also frequently where the defendants that they are suing are located. Frankly, I’m not sure what this means, but if Finjan’s patents are strong enough to survive IPR at the PTAB and the company is confident enough to fight the case in the Northern District of California that should likely convey something about the relative strength of these patents and likely strength of the infringement case. Finjan obviously doesn’t believe they need any gimmicks to prevail, and are perfectly fine fighting these disputes where they are most convenient to everyone. Not your average NPE indeed!

The patent lawsuit brought by Finjan against Symantec was filed in July of 2014 and alleged infringement of eight U.S. patents. The Finjan patents at issue in the lawsuit, which were also the same patents challenged by Symantec at the PTAB, are:

U.S. Patent No. 6,154,844, which is titled System and method for attaching a downloadable security profile to a downloadable, and which relates generally to computer networks, and more particularly provides a system and method for attaching a downloadable security profile to a downloadable to facilitate the protection of computers and networks from a hostile downloadable.

U.S. Patent Nos. 7,613,926, which is entitled Method and system for protecting a computer and a network from hostile downloadables, and generally relates to computer networks, and more particularly provides a system and methods for protecting network-connectable devices from undesirable downloadable operation.

U.S. Patent No. 7,756,996, which is entitled Embedding management data within HTTP messages, and relates to the efficient delivery of management data between a network management server and multiple client computers.

U.S. Patent No. 7,757,289, which is entitled System and method for inspecting dynamically generated executable code, and relates to computer security generally and more specifically to protection against malicious code such as computer viruses.

U.S. Patent No. 7,930,299, which is entitled System and method for appending security information to search engine results, and relates to a system and method for combining operation of a search engine with operation of a content security filter in order to provide security assessments for web pages and media content located by the search engine.

U.S. Patent No. 8,015,182, which like the ‘299 patent is entitled System and method for appending security information to search engine results, and similarly relates to a system and method for combining operation of a search engine with operation of a content security filter. Both the ‘299 and ‘182 patents share a common priority claim to a provisional patent application filed on November 30, 2015.

U.S. Patent No. 8,141,154, which is entitled System and method for inspecting dynamically generated executable code, and similarly to the ‘289 patent relates to protection against malicious code such as computer viruses.

U.S. Patent No. 8,677,494, which is entitled Malicious mobile code runtime monitoring system and methods, and generally to computer networks, but more particularly provides a system and methods for protecting network-connectable devices from undesirable downloadable operation.

The final summary of Symantec IPR challenges against the aforementioned Finjan Patents is as follows:

• ‘154 Patent – IPR2015-01547: Denied
• ‘182 Patent – IPR2015-01548: Denied
• ‘289 Patent – IPR2015-01552: Denied
• ‘299 Patent – IPR2015-01549: Denied
• ‘494 Patent – IPR2015-01892: Instituted
• ‘494 Patent – IPR2015-01897: Denied
• ‘844 Patent – IPR2015-01894: Denied
• ‘926 Patent – IPR2015-01893: Denied
• ‘926 Patent – IPR2015-01895: Denied
• ‘996 Patent – IPR2015-01545: Denied
• ‘996 Patent – IPR2015-01546: Denied

Only the claims 1, 2, 5, 6, 10, 11, 14, and 15 of the ’494 patent were instituted for IPR as likely being invalid under 35 U.S.C. § 103. The other patents, having escaped IPR, should be practically bulletproof in patent infringement litigation. Although the estoppel provisions of 35 U.S.C. 315(e) only apply to a final written decision, the likelihood that the district court will view these patents as stronger and less likely to seriously consider a validity challenge rises dramatically.

The PTAB applies a broader claim construction (i.e., broadest reasonable interpretation) than does the district courts (i.e., the Phillips standard), which makes it easier to invalidate claims at the PTAB. The PTAB also refuses to presume patents are valid, which district court must do (see 35 U.S.C. 282 and i4i v. Microsoft). Those two factors combined with the PTAB’s historical willingness to institute IPR and invalidate claims mean Finjan will argue that if even the PTAB didn’t think there was chance the claims were invalid there could not be any viable chance that the district court would come to a contrary conclusion apply more strict standards. This argument has proven quite persuasive when it has been used in patent litigation up to this point. That should mean that the Finjan dispute with Symantec will become a question about whether Symantec is really infringing, that is assuming Symantec does not decide to settle and take a license.

In any event, the case is already moving forward. The stay put in place by Judge Haywood Gilliam pending institution decisions in the eight aforementioned IPR petitions has already been lifted. There was a case management conference last week, and the parties have been ordered by Judge Gilliam to submit a joint case calendar by April 15, 2016.

UPDATED April 13, 2016 at 10:05am to correct Finjan’s founding date and to reference several of Finjan’s investments and operating businesses.