Date post: | 04-Jun-2018 |
Category: |
Documents |
Upload: | markman-advisors |
View: | 229 times |
Download: | 0 times |
of 35
8/14/2019 JNPR Opening CC Brief
1/35
IN THE UNITED STATES DISTRICT COURTFOR THE DISTRICT OF DELAWARE
JUNIPER NETWORKS, INC.,
Plaintiff,
v.
PALO ALTO NETWORKS, INC.,
Defendant.
))))))))
C.A. No. 11-1258 (SLR)
PLAINTIFF JUNIPER NETWORKS, INC.S
INITIAL CLAIM CONSTRUCTION BRIEF
OF COUNSEL:
Morgan Chu
Jonathan S. KaganLisa S. Glasser
David McPhieRebecca Clifford
Talin GordniaIRELL &MANELLA LLP
1800 Avenue of the Stars, Suite 900Los Angeles, CA 90067-4276
(310) 277-1010
MORRIS,NICHOLS,ARSHT &TUNNELL LLP
Jack B. Blumenfeld (#1014)
Jennifer Ying (#5550)1201 North Market StreetP.O. Box 1347
Wilmington, DE 19899-1347(302) 658-9200
[email protected]@mnat.com
Attorneys for Plaintiff
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 1 of 35 PageID #: 7310
REDACTED -
PUBLIC VERSION
Original Filing Date: July 19, 2013
Redacted Filing Date: August 21, 2013
8/14/2019 JNPR Opening CC Brief
2/35
i
TABLE OF CONTENTS
I. INTRODUCTION ........................................................................................................ 1II. LEGAL FOUNDATION FOR CLAIM CONSTRUCTION .......................................... 1III. BACKGROUND OF THE TECHNOLOGY AT ISSUE............................................... 2
A. Fundamentals of Computer Technology ............................................................ 2B. Fundamentals of Networking ............................................................................ 4C. Fundamentals of Network Security ................................................................... 5
IV. U.S. PATENT NO. 7,650,634....................................................................................... 6A. two or more security devices (634 patent) ..................................................... 6B. receiving . . . evaluation information . . . (634 patent) ................................... 8
V. U.S. PATENT NO. 7,107,612....................................................................................... 9A. rule (612 patent) ........................................................................................... 9
VI. U.S. PATENT NO. 6,772,347..................................................................................... 12A. sorting packets into . . . initially denied packets (347 patent)....................... 12
VII. U.S. PATENT NO. 7,734,752..................................................................................... 14A. primary portion and secondary portion (752 patent) ................................ 14
VIII. U.S. PATENT NO. 8,077,723..................................................................................... 17A. first engine and second engine (723 patent) ............................................. 17B. route a packet (723 patent) ......................................................................... 20C. a tag and associate a tag (723 patent) ....................................................... 23
IX. U.S. PATENT NO. 7,779,459..................................................................................... 27A. security screening (459 patent) ................................................................... 27B.
without performing the security screening (459 patent)............................... 28
C. security domains (459 patent) ..................................................................... 30
X. CONCLUSION .......................................................................................................... 30
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 2 of 35 PageID #: 7311
8/14/2019 JNPR Opening CC Brief
3/35
ii
TABLE OF AUTHORITIES
CasesBicon, Inc. v. Straumann Co.,
441 F. 3d 945 (Fed. Cir. 2006) ....................................................................................... 28
CBT Flint Partners, LLC v. Return Path, Inc.,
654 F.3d 1353 (Fed. Cir. 2011) ...................................................................................... 30
Elcommerce. com, Inc. v. SAP AG,
2011 WL 710487 (E.D. Pa. Mar. 1, 2011) ........................................................................2
Freedom Wireless, Inc. v. Alltel Corp.,
2008 WL 4647270 (E.D. Tex. Oct. 17, 2008)................................................................. 30
Liebel-Flarsheim Co. v. Medrad, Inc.,
358 F.3d 898 (Fed. Cir. 2004) ........................................................................................ 26
Markman v. Westview Instruments, Inc.,
52 F.3d 967 (Fed. Cir. 1995) ............................................................................................1
Northeastern Univ. et al. v. Google, Inc.,
2010 WL 4511010 (E.D. Tex. Nov. 9, 2010) ........................................................... 16, 20
NTP, Inc. v. Research in Motion, Ltd.,
418 F. 3d 1282 (Fed. Cir. 2005) ..................................................................................... 28
Oatey Co. v. IPS Corp.,
514 F.3d 1271 (Fed. Cir. 2008) ...................................................................................... 25
Phillips v. AWH Corp.,
415 F.3d 1303 (Fed. Cir. 2005) ............................................................................ 1, 10, 14
Synergetics, Inc. v. Peregrine Surgical, LTD,
427 F. Supp. 2d 537 (E.D. Pa. 2006) ................................................................................2
U.S. Surgical Corp. v. Ethicon, Inc.,
103 F.3d 1554 (Fed. Cir. 1997) ........................................................................................2
Ultramercial, Inc. v. Hulu LLC,__ F.3d __ (Fed. Cir. 2013) ..............................................................................................3
Visto Corp. v. Seven Networks, Inc.,
2005 WL 6220108 (E.D. Tex. Apr. 20, 2005) .................................................................7
Vitronics Corp. v. Conceptronic, Inc.,
90 F.3d 1576 (Fed. Cir. 1996) ..........................................................................................1
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 3 of 35 PageID #: 7312
8/14/2019 JNPR Opening CC Brief
4/35
iii
Other AuthoritiesMerriam-Websters Collegiate Dictionary10th ed. ................................................................... 24
Websters College Dictionary2005 ed. ..................................................................................... 24
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 4 of 35 PageID #: 7313
8/14/2019 JNPR Opening CC Brief
5/35
- 1 -
I. INTRODUCTIONFaced with infringement claims on seven patents that PANs own founders invented
while employed by Juniper, PAN now seeks to re-define those patents. PANs primary approach
is to ignore the technological context of the patentscomputer networkingand seek to import
structural or physical limitations into computer terms that do not contain such limitations. Even
PANs employees and experts do not agree with PAN on many of these issues, illustrating how
far afield PANs constructions are from the patents and the relevant art of computer networking.
Most of the terms presented for construction use straightforward language, and should be
given their plain and ordinary meaning, consistent with how one skilled in the relevant
technology would understand them. Juniper has nevertheless proposed constructions that (where
appropriate) incorporate concepts from PANs proposals, while otherwise remaining faithful to
the specifications of the patents-in-suit. Juniper respectfully requests that the Court adopt
Junipers claim constructions, as set forth herein.
II. LEGAL FOUNDATION FOR CLAIM CONSTRUCTIONIt is a bedrock principle of patent law that the claims of a patent define the invention.
Phillips v. AWH Corp., 415 F.3d 1303, 1312 (Fed. Cir. 2005). The words in a claim are
generally given their ordinary and customary meaning, which is the meaning that the term
would have to a person of ordinary skill in the art at the time of the invention. Id. 1312-13.
When the meaning of a claim term is in doubt, the patents specification is appropriately
consulted for guidance. Id. For example, a construction that excludes a preferred embodiment
described in the specification is rarely, if ever correct and would require highly persuasive
evidentiary support. Vitronics Corp. v. Conceptronic, Inc., 90 F.3d 1576, 1583 (Fed. Cir.
1996). The specification, however, cannot enlarge or diminish the claim language. Markman v.
Westview Instruments, Inc., 52 F.3d 967, 980 (Fed. Cir. 1995).
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 5 of 35 PageID #: 7314
8/14/2019 JNPR Opening CC Brief
6/35
2
Claim construction is a matter of resolution of disputed meanings and technical scope, to
clarify and when necessary to explain what the patentee covered by the claims, for use in the
determination of infringement. It is not an obligatory exercise in redundancy. U.S. Surgical
Corp. v. Ethicon, Inc., 103 F.3d 1554, 1568 (Fed. Cir. 1997).1 Straightforward terms should thus
be given their plain meaning, not replaced with other words under the guise of construction.
See, e.g., Elcommerce.com, Inc. v. SAP AG, 2011 WL 710487, at *6 (E.D. Pa. Mar. 1, 2011) (a
court may resolve [claim construction disputes] by simply instructing the jury to evaluate a term
in light of its plain and ordinary meaning).
III.
BACKGROUND OF THE TECHNOLOGY AT ISSUE
The following section provides an overview of some basic technological principles of
computer security and networking to facilitate claim construction analysis in this case. To
minimize dispute, the materials cited are primarily PANadmissions, including from PANs co-
founders (CTO Nir Zuk and Chief Architect Yuming Mao) and its own litigation experts.2
A. Fundamentals of Computer TechnologyThe patents-in-suit are directed to inventions for computer networks and systems using
hardware, software, or combinations thereof. Physical hardwareencompasses components such
as circuits, wires, and computer chips (e.g., a central processing unit or CPU). Hardware
components may be combined and embedded inside each other to create complex computer
systems, even within just one physical chip. For example, a single CPU today may include
1 All emphases to quotations herein have been added, unless otherwise indicated.
2 As in other legal contexts, party admissions are properly considered in claimconstruction. Moreover, although inventor and expert testimony is typically a disfavored
form of extrinsic evidence because of its self-serving nature, here no such concern isimplicated because the inventor and expert testimony is that of PANs principals and
experts. See Synergetics, Inc. v. Peregrine Surgical, LTD, 427 F. Supp. 2d 537, 546(E.D. Pa. 2006) (noting weight to be given opposing party admissions as contrasted with
extrinsic evidence from a partys own experts).
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 6 of 35 PageID #: 7315
8/14/2019 JNPR Opening CC Brief
7/35
3
literally billions of electronic switches (e.g., transistors or logic gates) and other components.
Computer systems may also include software comprising data or instructions that can perform
computation or other actions. Programmers write software source code using programming
languages that are understandable to humans, then build it into computer-executable form.
Hardware and software aspects of computer systems are often interchangeable. As the
Federal Circuit has recently observed:
[T]he line of demarcation between a dedicated circuit and acomputer algorithm accomplishing the identical task is frequentlyblurred and is becoming increasingly so as the technologydevelops. In this field, a software process is often interchangeablewith a hardware circuit.
Ultramercial, Inc. v. Hulu LLC, __ F.3d __, 2013 WL 3111303, at *16 (Fed. Cir. June 21, 2013).
3
Computer systems use memoryto facilitate the storage and manipulation of software and
other data. Memory comes in numerous varieties (e.g., SRAM and DRAM) and can be
shared by multiple other components in a system.
Notably, in most kinds of memory, data
stays retained in memory even after it is retrieved; that is, data retrieval is non-destructive.5
There are two primary ways of sending data in memory to parts of a computer system
that need to use it. The first is to create a new copy of the data in a new memory location,
3
Ex. __ refers to exhibits attached to the Declaration of David McPhie,
submitted herewith.
4
5 SeeEx. B (Mitchell Depo. Tr.) at 25:8 27:4.
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 7 of 35 PageID #: 7316
8/14/2019 JNPR Opening CC Brief
8/35
4
sometimes called passing by value, and the second is to communicate a pointer to the
location in memory where the data is held, sometimes called passing by reference.6 Neither
method results in physical movement or removal of the original data in memory, although (of
course) the original data may be later modified or overwritten via other steps.
Data may be structured or organized in memory to facilitate its use. For example, data
may be grouped into larger structures of multiple (often related) data values, and formatted
depending on how the data entries are to be looked up and accessed. Data elements can be
organized sequentially in a linked list, or for fast lookup in a hash table. Moreover, a related
block of data need not be stored in a single physically connected portion of memory; there are
mechanisms for storing . . . [a] meaningful collection of data in a noncontiguous way.7
B. Fundamentals of NetworkingConnection of computer systems using networks (such as the Internet) allows data
communication between computers, even at significant distances. To facilitate efficient
communication, data is broken down into packets, along with additional metadata for addressing
and other purposes. These packets are typically structured in accordance with networking
standards that provide a well-defined framework for communication between disparate
networking technologies. It is common to format data packets to include multiple layers of
metadata information, each corresponding to a particular networking function. One well-known
framework describing these networking layers is the seven-layer OSI model. The lowest layer
of the model (layer 1) is the physical medium through which the basic bits of data are
communicated (e.g., a copper wire or radiofrequency wave). At the other end of the spectrum
(layer 7) is the actual application with which users can actually interact (e.g., email programs or
6 SeeEx. B (Mitchell Depo. Tr.) at 76:22 77:6.
7 SeeEx. B (Mitchell Depo. Tr.) at 38:9 39:8.
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 8 of 35 PageID #: 7317
8/14/2019 JNPR Opening CC Brief
9/35
5
web browsers). The layers in between handle other aspects of network connectivity, such as the
well-known Internet Protocol (IP) at layer 3. By providing conceptual separation of various
aspects of networking, the OSI model allows communication at a high level independent of its
underlying technical implementation. Thus (for example), when operating at the IP packet layer
(layer 3), the underlying physical structure [layer 1] doesnt matter.8
As a corollary to the above, an IP packet is best understood as formatted, computer-
readable datanot something tangible that humans physically handle or manipulate.9 Thus,
when a packet is described as sent through the OSI model layers, it is not really physically as
if something is being sent from one component to another . . . inside the computer.
10
C. Fundamentals of Network SecurityPermitting computers to communicate with other computers over a network exposes the
risk of network attacks and security breaches. Accordingly, network security technologies have
been developed for regulating communications between networked computers (e.g., by blocking
attacks). One such technology is known as a firewall.
Network administrators can configure firewalls and other network security products in a
variety of ways to enable a security policy desired by an organization, e.g., to allow or prevent
communication based on a number of rules. There are many ways in which such rules can be
structured and applied. For example, in simple firewalls, each rule generally specifies some
8 SeeEx. B (Mitchell Depo Tr.) at 29:13 34:14.
9 SeeEx. B (Mitchell Depo Tr.) at 23:14 24:12; Ex. C (Mao Depo. Tr.) at 376:3-8
).
10 SeeEx. B (Mitchell Depo Tr.) at 17:12-19;
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 9 of 35 PageID #: 7318
8/14/2019 JNPR Opening CC Brief
10/35
8/14/2019 JNPR Opening CC Brief
11/35
7
The term two or more security devices is easily understandable and requires no
construction.14
Alternatively, security devices may be construed as hardware, firmware,
software or combinations thereof for performing security functions, in accordance with the 634
patent specification. For further clarity, the construction may also state that the security devices
may be included on one or more programmable processors executing a computer program.
Junipers proposed construction comes directly from the 634 patents description of the
invention. For example, the Summary section of the patent describes plural security devices as
a feature of the present invention, which may includ[e] computer program products. 634
patent at 2:14-22. The specification elaborates that [t]he invention can be implemented . . . in
computer hardware, firmware, software, or in combinations of them, and further states that
the invention can be performed byone or moreprogrammable processors executing a
computer program. . . . Id.at 6:1-3, 6:18-21.
The specification also provides specific examples that further confirm that the claimed
devices can take a variety of forms. For example, multiple security devices may be included
in a single structure. See, e.g., 634 patent at 2:56-62, Figs. 1 & 9. Figure 9 shows that a single
security device may itself include additional security devices such as a firewall or IPS.
See, e.g., id.at 1:17-19, 2:49-50, 3:5-7, 7:3-7. A firewall operating as a security device can, in
turn, be a set of computer programs, according to the priority application incorporated into the
634 patent specification. Ex. D (Pat. App. No. 10/072,683) at 3:32; see also Visto Corp. v.
Seven Networks, Inc., 2005 WL 6220108, at *8 (E.D. Tex. Apr. 20, 2005) (construing firewall
as comprising software and/or hardware). Moreover, as indicated above, the 634
specification expressly contemplates an embodiment wherein the claimed invention is executed
14 There is no dispute regarding the phrase two or more. Though unnecessary, Juniper
does not object to PANs proposal to construe two or more as at least two.
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 11 of 35 PageID #: 7320
8/14/2019 JNPR Opening CC Brief
12/35
8
on just one . . . programmable processor[]. 634 patent at 6:18-21. Junipers construction of
security device encompasses each of these configurations and embodiments.
PANs proposed construction, in contrast, disregards the specification by limiting
security devices to physically distinct structures. The specification makes no reference to
physically or distinct. Moreover, the 634 patents only use of the term structure refers
not to a security device, but to a flow table (a non-physical data entity). Id.at 3:33. Indeed,
PANs expert, Dr. Mitchell, admitted that a device need not be a physically distinct structure.
Q. What is a device?
A. Device -- device isgenerally a thing that does something.
That probably means different things in different contexts.
Ex. B (Mitchell Depo. Tr.) at 10:3-7. Dr. Mitchell further testified that although one way to
think about a device was as a physical thing, that term is also used in computing to refer to
a technique or method, which has nothing to do with physical devices. Id.at 45:2-9.
B. receiving . . . evaluation information . . . (634 patent)Term Juniper Proposal PAN Proposal
receiving from each of the two or more
security devices, evaluationinformation, the evaluation information
being generated by a respective one ofthe two or more security devices
No construction
required.
receiving, from each of the two or
more security devices, evaluationinformation generated by that
device
Construction of this 28-word phrase appears unnecessary as it uses ordinary English
words consistent with their plain meaning. Indeed, most of the words in the claim language
(e.g., receiving from, generated, and evaluation information) also are used in PANs
construction, and the included term security devices is the subject of a separate proposed
construction. Nor has PAN identified any disputed merits issue to which this construction
relates. Accordingly, no construction of this term is required.
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 12 of 35 PageID #: 7321
8/14/2019 JNPR Opening CC Brief
13/35
9
V. U.S. PATENT NO. 7,107,612Prior to the invention of the 612 patent, firewalls commonly used a fixed set of rules in
performing network security functions, which the patent notes can be restrictive in many
practical applications. 612 patent at 3:12. Thus, there was a need in the art for a firewall
engine which can generate rules dynamically, based upon information extracted from incoming
packets . . . . Id.at 3:912. The 612 patent describes approaches for dynamically adding or
modifying rules based on a sequence of data packets received by a network. The newly added or
modified rules may (for example) be designed to respond to or mitigate a network attack
identified based on analysis of data received.
A. rule (612 patent)Term Juniper Proposal PAN Proposal
rule Juniper is willing to stipulate that,for purposes of the 612 patent
claims, rules exist across multiple
sessions.
No further construction necessary.
A rule is a policy for filteringpackets across multiple
sessions, as distinct from alookup table
The simple term rules does not require elaborate construction. The parties have already
agreed on one aspect of the term, namely that rules, in the context of the 612 patent, exist
across multiple sessions. See also Ex. B (Mitchell Depo. Tr.) at 210:2-5.15
No further
construction is needed for the jury to understand the basic concept of a rulea subject on
which there appears to be substantial agreement.
As indicated above, PAN expert Dr. Mitchell admits that, consistent with the usage . . .
in the 612 patent, a rule generally specifies some characteristic of a packet[,] and an action . . .
15 PAN expert Dr. Mitchell went on to identify at least one portion of the 612 patent
specification as supporting this view: column 5, starting on line 25 and reading down.Ex. B (Mitchell Depo. Tr.) at 210:16 211:6 (So . . . the rules persist and . . . in that
sense, they are beyond a particular session).
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 13 of 35 PageID #: 7322
8/14/2019 JNPR Opening CC Brief
14/35
10
to take with any packets that match the characteristic. Ex. B (Mitchell Depo. Tr.) at 130:9
131:10.16
Dr. Mitchell further testified:
I think generally, a rule is an if-then statement. If the packet has
some properties or in some way satisfies some conditions or isrelated to the processing environment in some way, then someaction will or will not be taken as a result.
Id.at 134:21-25. This formulation is consistent with the testimony of one of the inventors of the
612 patent, Yuming Mao. Ex. C (Mao Depo. Tr.) at 132:3 - 134:13 (
). It also conforms with the exemplary rules disclosed in the 612
patent specification. For example, Figure 3 depicts an embodiment of a rule that provides
items that may serve as a matching criterion for the rule (e.g., source IP address), along with
a field to specify the action to be taken if the rule is matched. 612 patent at 4:43-44. Thus,
the specification, inventor testimony, and even PANs expert agree on the relevant characteristics
of a rule as used in the 612 patent.
By contrast, PANs proposed construction makes no mention of any of these agreed
aspects of a rule, but rather attempts to inject two new concepts into the meaning of rule that
are inconsistent with the usage in the patent.
First, PAN argues that a rule is a policy for filtering packets. But adoption of this
construction would introduce a conflict with the surrounding claim language or (at best)
confusing redundancy. For example, claim 1 recites rules . . . for incoming and outgoing data
units. Because the claim already specifies that rules apply to packets (i.e., a type of data
units), it is incorrect to expressly restate the notion of packets in the construction for rule. See
Phillips v. AWH Corp., 415 F.3d 1303, 1314 (Fed. Cir. 2005) (en banc) (when a concept is
16 Dr. Mitchell further stated that in so testifying he was not trying to defin[e] what it
means to be a rule. Ex. B (Mitchell Depo. Tr.) at 131:7-10. This is consistent with
Junipers position that the term need not be construed.
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 14 of 35 PageID #: 7323
8/14/2019 JNPR Opening CC Brief
15/35
11
already included in surrounding context of a claim term, it strongly implies the term does not
inherently include that concept). Similarly, claim 1 states that rules are for controlling access
to and from a network device. Because the claim already specifies what the rules are for, it is
improper to import other requirements by way of claim construction. Id.
The second, and even more problematic, concept PAN tries to introduce into the claim
involves the words as opposed to a lookup table. As an initial matter, PANs construction
confuses the definitional makeup of a rule with the manner in which a particular rule is
implemented or maintained. As explained in the technical overview above, data structures in
memory (including rules) can be stored in a variety of formats. There is nothing in the patent or
intrinsic record to suggest that any particular data format is excluded for the purpose of rules.17
Indeed, PANs own experts testified that rules can, in fact, be stored in a lookup table.
For example, Dr. Mitchell testified:
Q. [C]an you store rules in a hash table?
A. Yeah. Hash table is another general data structure forstoring data. You can treat rules as data and store them in a
hash table.
Ex. B (Mitchell Depo. Tr.) at 140:24 141:5.
Similarly, Dr. Mitzenmacher has
stated, in his published writings and in deposition testimony, that rules can be provided in a hash
table for lookup. Ex. E (Mitzenmacher Article) at 207-208 (describing hash table lookups for
a hash table that will provide the packet classification rules);
17 Notably, PANs Founder and Chief Architect Yuming Mao, an inventor of the 612
patent, was unable at his deposition to identify
Ex. C (Mao Depo. Tr.) at 379:16 380:19.
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 15 of 35 PageID #: 7324
8/14/2019 JNPR Opening CC Brief
16/35
12
.18
Thus, neither
the intrinsic nor extrinsic record provides any support for PANs restrictive construction.
VI. U.S. PATENT NO. 6,772,347The 347 patent describes technology for efficient packet processing in a firewall. For
example, after a firewall receives a packet, the packet may be sorted or processed into initially
denied and initially allowed packets. Later, the initially denied packets are processed or sorted
further intoallowed or denied packets. See347 patent at Abstract, 5:45-49. Denied packets are
dropped, and allowed packets pass through the firewall. Id.
A. sorting packets into . . . initially denied packets (347 patent)Term Juniper Proposal PAN Proposal
sorting packets into
initially denied packets
No construction required. applying rules to make a first
determination that identifiespackets to be dropped
There is no need to construe the term sorting packets into . . . initially denied packets.
As an initial matter, the term as phrased by PAN does not appear in any of the asserted claims.
Indeed, at least one of the asserted claims (claim 24) does not use the word sorting at all.
Moreover, PANs proposed construction is inconsistent with the 347 patent in at least two ways.
First, PANs construction improperly requires that initially denied packets be identified
as packets to be dropped. This contradicts the 347 patents teaching that a packet neednotbe
identified to be dropped until after it is finally denied by an additional sorting or processing
phase. This clear distinction between initially denied and denied packets is illustrated in
Figure 6, an embodiment where the second sorting phase is a dynamic filter:
18 A lookup table can be used for many other purposes as well. For example, the 612
patent describes using a lookup table to implement a flow table. 612 patent at 5:10-42;
see alsoEx. B (Mitchell Depo. Tr.) at 80:10 - 84:3.
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 16 of 35 PageID #: 7325
8/14/2019 JNPR Opening CC Brief
17/35
8/14/2019 JNPR Opening CC Brief
18/35
14
synonymous, and in fact, the 347 distinguishes between them. For example, some, but not all,
of the claimed sorting steps require that the sorting be performed using rules. See, e.g.,
Claim 14 (further sorting the initially denied packets using rules). In claim elements that
contain a using rules limitation, PANs construction would render the claim language using
rules completely redundant; in the other claim elements that do not set forth such a requirement,
PANs construction would add an extraneous limitation. Neither result is consistent with the
347 patent or the canons of claim construction. See Phillips, 415 F.3d at 1314.
VII. U.S. PATENT NO. 7,734,752The 752 patent describes an apparatus and method for sharing information between two
security systems to provide protection in the event of failure. Specifically, two security systems
each store information for flows that they are actively processing, as well as flow information
synchronized from the other security system. 752 patent at 8:17-29. By doing so, each system
can take over processing that ordinarily would be performed by the other, if the other system
experiences a failure event. Id. To clarify which of the two security systems is being referenced,
the 752 patent sometimes refers to them as the primary and secondary security systems.
A. primary portion and secondary portion (752 patent)Terms Juniper Proposal PAN Proposal
a primary portion that stores
information associated with theoperation of the first device-
implemented session module,when the primary security systemis operating in a primary security
mode
No construction required.
Alternatively: a portion of the flow tablethat stores information for flows that the
primary security system participates inprocessing when failover has not
occurred
the portion of the flow
table that storesinformation for
processing packetswhen all securitydevices are operational
a secondary portion that storesinformation associated with the
operation of the first device-implemented session module,
when the primary security systemis functioning in a failover mode
No construction required.
Alternatively: a portion of the same flow
table that stores information for flowsthat the primary security system may
process when there is a failover event
a different portion ofthe same flow table
that stores informationfor processing packets
if there is a failoverevent
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 18 of 35 PageID #: 7327
8/14/2019 JNPR Opening CC Brief
19/35
15
This disputed language does not require construction, as each of its words has a plain and
ordinary meaning. PANs proposal, moreover, does not seek to clarify the claim language but
rather to change it. Accordingly, Juniper has proposed alternative constructions that reflect the
actual claimed invention.
As explained above, one aspect of the 752 patent is that two systems synchronize
information in their respective flow tables so that, if there is any malfunction affecting one
system, the other system may use that flow information to process packets that would have been
processed by the [other] security system but for the detected failure. 752 patent at 8:6-7; id. at
7:37-50. To do this, each systems flow table has a secondary portion that includes
information for flows that the session module may process in the event of a failover. Id. at
8:22-27. Junipers proposal tracks this language from the 752 patent explicitly, stating that the
secondary portion stores information for flows that the primary security system may process
when there is a failover event.
Similarly, the specification explains that the primary portion of the flow table includes
flow information used for actively participating in the processing of the packets. Id. at 8:17-
22. Junipers proposal also tracks this language, stating that the primary portion stores
information for flows that the primary security system participates in processing. Mirroring
the construction for secondary portion, Junipers construction further states that such
processing occurs when failover hasnotoccurred in that system.20
By contrast, PANs proposals do not correspond to language in the 752 patent or to the
scope of the invention. For example, for both first portion and second portion, PAN seeks to
20 Of course, even if the primary system should fail, the secondary system continues to
participate in processing packets that the secondary system ordinarily would process (to
the extent it was doing this before failover). See, e.g., 752 patent at 9:59-65.
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 19 of 35 PageID #: 7328
8/14/2019 JNPR Opening CC Brief
20/35
16
replace information associated with the operation of the first device-implemented session
module with information for processing packets. As the preceding element of claim 1
explains, however, the claimed session module is used to maintain flow information. . . to
facilitate processing of the packets. Thus, its operation comprises use of flow information.
PANs use of the more generalized phrase information for processing packets is at best
imprecise, as it could be read as encompassing activity having nothing to do with the use of flow
information maintained by the session module. For example, as illustrated in Figure 5, if a
session is not found for a packet (e.g., because it is the first packet of a flow), the packet may
nevertheless undergo processing before flow information is even generated (in step 555). And
Figure 5 depicts other additional steps that may occur even on existing flows before extracting
information from the session modules flow table.
As another example, PANs construction for secondary portion requires that the second
portion be different from the first portion. The 752 patent does not use the word different in
relation to any aspect of the flow table. Nor does labeling the portions as primary and
secondary necessitate that these portions be distinct. See Northeastern Univ. et al. v. Google,
Inc., 2010 WL 4511010, at *8 (E.D. Tex. Nov. 9, 2010) (Absent support from the intrinsic
record or the language of the claims, requiring the first portion of the hashed query fragment to
be distinct and separate from the second portion would be improper.). PAN has previously
suggested that the basis for this aspect of its construction is an embodiment which describes the
first and second portions as dedicated to store certain information (see752 patent at 8:17-27).
However, dedicated and different do not mean the same thing. Moreover, this is one
embodiment, and the specification goes on to explain that the primary and secondary portions
also may be integrated togetherthe opposite of distinct or different. Id. at 8:27-29.
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 20 of 35 PageID #: 7329
8/14/2019 JNPR Opening CC Brief
21/35
17
PAN also makes other unexplained changes to the claim language, such as replacing the
word a with the, and introducing the term operational, a term which is not used in the
claims or the specifications discussion of the claimed portions. These changes introduce further
uncertainty and inaccuracy, and the Court should therefore reject them as well.
VIII. U.S. PATENT NO. 8,077,723The 723 patent describes technology that uses tags to improve the efficiency of packet
processing in a system containing multiple processing engines. For example, in the 723
patent, a first engine directs a packet to a second engine. The second engine then processes the
packet and associates a tag with the packet that contains information related to the processing of
the packet. The information in the tag can include information that is useful to other engines
when they are processing or routing the packet. See723 patent at 5:50 6:5. Subsequently, the
first engine directs the packet to a third engine, and the third engine processes the packet using
the information in the tag. In one embodiment of the 723 patent, the second and third engines
are included on one integrated circuit.
A. first engine and second engine (723 patent)Terms Juniper Proposal PAN Proposal
first engine No construction required.Alternatively, engine may be
construed as:
hardware, firmware, software, orcombinations thereof for
implementing one or more
functional operations
software program on a firstprocessor
second engine software program on a second
processor
PANs proposal to construe the terms first engine and second engine may be best
understood by first considering the context of the parties dispute regarding this element of the
723 patent.
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 21 of 35 PageID #: 7330
8/14/2019 JNPR Opening CC Brief
22/35
18
Ex. C (Mao Depo. Tr.) at
197:7 202:8.
Id.at 198:4-10. PAN now seeks to change the ordinary meaning of
engine in an attempt to distinguish it from the way PAN consistently uses engine in
describing its products. That, of course, is not a valid reason to construe the claims.
The 723 patent makes clear what an engine does (and does not) mean in the claims.
As PANs Founder and Chief Architect (also a named inventor) Yuming Mao admitted,
See,
e.g., Ex. C (Mao Depo. Tr.) at 197:7-18. The 723 patent specification explains that the
engines of the claimed invention are a functional concept that can be implemented with
hardware and/or software: the functional operations described herein can be implemented in . .
. computer hardware, firmware, software, or in combinations of them, including on one or
more programmable processors. 723 patent at 10:20-23, 10:38-39.21 Junipers proposed
construction accurately captures this full range of embodiments, using the exact language of the
patentassuming the term engine requires construction at all.
Other PAN admissions provide further support for Junipers construction. For example,
PAN states in its own patent applications (authored by the 723 patents inventors, Mao and Zuk)
that a processing engine can be of the form of hardware or software of combinations or both.
Ex. G (Pat. App. No. 2008/0253366) 0021.
21 As shown above, this language is also used in the 634 patent specification to describe the
breadth of possible architectural implementations; indeed, the 723 patent notes that a
processing engine can be an example of a device. See723 patent at 5:34-36.
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 22 of 35 PageID #: 7331
8/14/2019 JNPR Opening CC Brief
23/35
19
And PANs expert
Dr. Mitchell, when asked whether he disagreed with the notion that an engine can be software
that performs a function, responded, I dont see any reason to disagree with that. Ex. B
(Mitchell Depo. Tr.) at 172:15-23; see also id.at 104:21-24 (Q. Have you ever heard the word
engine used to describe software? A. I believe so.). These PAN admissions confirm the
accuracy of Junipers proposed construction for engine: hardware, firmware, software, or
combinations thereof for implementing one or more functional operations.
PANs proposed constructions, by contrast, seek to artificially constrain the scope of
engine to only the specific combination of a software programanda processor. As shown
by the evidence cited above, the 723 patent invention may well encompass such a combination
as a possible embodiment, but does not require it. For example, the patent states that the
invention maybe implemented using a stand-alone [software] program, but also permits use of
a software module, component, subroutine, or other unit suitable for use in a computing
environment. 723 patent at 10:32-34. Other disclosed implementations focus more on
hardware, e.g., special purpose logic circuitry such as an FPGA or ASIC. Id.at 10:41-45.
PANs proposal improperly excludes these embodiments.
Moreover, PANs constructions for the first and second engine terms are also
problematic to the extent that they may be understood as improperly introducing a requirement
that the first and second engines include different software programs running on different
processors.22
There is no basis for introducing such a constraint into the 723 patent claims
22 PAN is not requesting construction of the term third engine, presumably because a
construction suggesting that engines must be physically separated could not apply to
the second and third enginein claim 1, those engines are included on one integratedcircuit. However, PANs attempt to avoid this issue by construing only the first and
second engines only creates an additional problem of inconsistency within the claims.
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 23 of 35 PageID #: 7332
8/14/2019 JNPR Opening CC Brief
24/35
20
through the engine terms. The claim drafters knew how to specify a difference requirement
when they wanted one; in fact, claim 1 expressly requires that the second engine is different
than the third engine. By contrast, claim 1 contains no such requirement as between the first
and second engines, and thus there is no basis for adding one now. See Northeastern Univ., 2010
WL 4511010, at *8 (improper to read distinct and separate requirement into claims [a]bsent
support from the intrinsic record).23
Requiring separate processors for multiple engines is also contrary to the 723 patent
specification, which indicates that the invention may be performed on one programmable
processor. 723 patent at 10:38-39. Tellingly, PANs expert Dr. Mitchell opined that, based on
the understanding of engine in PANs construction, it would not be possible to perform the
method of the invention on a single programmable processorthus confirming that PANs
construction contradicts the specification. Ex. B (Mitchell Depo. Tr.) at 106:13 107:1. Dr.
Mitchell also admitted that the 723 patent does not require separate software programs, as
functionally distinct engines can be part of the same executable software file. Id.at 241:16
242:3. Indeed, claim 1 illustrates that that engines need not be physically separate, describing
multiple engines as included on a single integrated circuit.
B. route a packet (723 patent)Term Juniper Proposal PAN Proposal
route a packet No construction required. Alternatively, Juniperwould be willing to adopt send a packet(PANs
original proposed construction) as a compromise, if
the parties agree to further clarify that send doesnot exclude routing by reference or by pointer.
send a packet from asource to its intended
destination
23 Compare claims 9 and 17, whichdoexpressly require a second engine that is differentthan the first engine. Such an express limitation would not be necessary if the terms
first engine and second engine inherently included the concept of difference.
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 24 of 35 PageID #: 7333
8/14/2019 JNPR Opening CC Brief
25/35
8/14/2019 JNPR Opening CC Brief
26/35
22
recites routing . . . a packet to a second engine, whereas dependent claim 13 further requires
routing the packet to a destination.
Figure 1 of the patent provides a further illustration. The router labeled 118 is
connected to and capable of routing packets to destinations on the network such as a web
server (110) or workstations (134). But no connection is shown between the router and the
individual engines that are part of processing system 126, because the individual engines within
one packet processing system are not discrete network destinations. Therefore, there must be
some othermechanism available to route packets between engines.
The 723 patent encompasses a number of methods for communication between the
claimed engines. As described in the technical overview, one skilled in the computer arts would
understand that a packet in memory may be passed in a system either by making a copy of the
packet data in a new location, or by using a pointer to the memory location corresponding to
the packet location. The 723 patent specification expressly contemplates this approach of using
pointers to communicate packet data. For example, the 723 patent incorporates by reference the
entirety of the 634 patent disclosure, including the following diagram:
See723 patent at 1:11-12; 634 patent at Fig. 6. Similarly, an earlier patent application that is
incorporated by reference into the 723 patent specification (723 patent at 2:66 3:3) provides
extensive discussion of the use of pointers. See, e.g., Ex. D (U.S. Pat. App. No. 10/072,683) at
33-40, Figs. 8, 9, 11.24
24 Even PANs expert Dr. Mitchell concedes that [t]wo [software] processes on the same
computer can use some forms of shared memory and that in such a case, some data . . .
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 26 of 35 PageID #: 7335
8/14/2019 JNPR Opening CC Brief
27/35
23
Contrary to the intrinsic record, PANs construction is misleading because the jury could
interpret it to require the physical movement of a packet. For the reasons discussed above, this
contradicts basic computer networking principles and the 723 patent. As a further example, the
patent explains that to route the packets to processing engines is a form of communication
between processing engines. 723 patent, 4:5-6 (communication between processing engines
[as] discussed in greater detail below); 4:15-16 (route the packets to processing engines).
One of ordinary skill in the art would understand that communicationdoes not require physical
movement. In fact, PANs expert Dr. Mitchell testified that he was not sure that send was an
appropriate way to characterize the communication of data packets within a computer. See Ex. B
(Mitchell Depo. Tr.) at 16:16-22. PANs expert also identified a concrete example of routing
without movement, namely, the use of a well-known networking mechanism called localhost,
where one can route packets to oneself. Id. at 75:12-24. And the specification notes the
possibility that the claimed engines between which routing takes place can be integrated on a
single integrated circuit (IC). 723 patent at 10:15-17. Thus, adopting PANs construction
would be inaccurate and misleading unless, per Junipers proposed compromise, the construction
clarified that it does not exclude routing by reference or by pointer.
C. a tag and associate a tag (723 patent)Term Juniper Proposal PAN Proposal
a tag No construction required. a structure for holding data thatis sent along with a packet
associate a tag No construction required.
Alternatively, associate may be construed
as: to connect or bring into relationship in
any of various intangible ways
form a connection with a tag
could reside in shared memory and, therefore, be read by the second process from thesame shared memory location the first process wrote it intothat is, sending or routing
the data via pointer. Ex. B (Mitchell Depo. Tr.) at 73:12 75:11.
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 27 of 35 PageID #: 7336
8/14/2019 JNPR Opening CC Brief
28/35
24
The terms a tag and associate a tag do not need construction. The term tag is
consistently used in the 723 to refer to the data or information used to help process packets in
the multiple processing engine system of the 723 patent. For example, the 723 patent explains
that a tag can provide information that a particular packet was determined to be possibly part of
an attack on the system. 723 patent at 7:62-64. A tag can also comprise such information as
network layer 3 and layer 4 data, a context pointer . . . and a communication action flag. Id.at
5:57-60. Additional types of information for a tag are also possible. Id.
Because the information in a tag is to be used for processing a packet, the claims also
provide that a tag needs to be associate[d] with the packet in some way. The word associate
is used in its common English language sense; the patent does not provide any specialized
definition or specify that association occur in any particular manner. Thus, it should be given its
plain English language meaning, which is to connectorbring into relationship in any of various
intangible ways. SeeEx. J (Merriam-Websters Collegiate Dictionary10th ed.) at 70 (to bring
together or into relationship in any of various intangible ways); Ex. K (Websters College
Dictionary2005 ed.) at 76 (bring into relation).
Those of skill in the art would appreciate that there are a variety of ways to associate a
tag with a packet, as reflected in the 723 patent specification. For example, the 723 patent
incorporates into its specification an earlier application describing association through use of
memory pointers. See 723 patent at 2:66 3:3; Ex. D (U.S. Pat. App. No. 10/072,683) at
34:3-9 (this association [of packet flow and session] is done by a double pointer).
Alternatively, the specification notes that a tag can be appended or prepended to the packet.
723 patent at 2:60-61. PANs expert Dr. Mitchell has further observed that often the way that
a tag or other annotation is associated with a data value is through some other data structure that
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 28 of 35 PageID #: 7337
8/14/2019 JNPR Opening CC Brief
29/35
25
contains both of them or links them in some way. Ex. B (Mitchell Depo. Tr.) at 228:7-10.
Junipers construction encompasses all of these valid possibilities.
By contrast, PANs proposed constructions confuse, rather than clarify, the meaning of
associate a packet. As with several other claim terms, PANs construction is susceptible to
being misinterpreted as imposing physical limitations inapplicable to the network security
context of the 723 patent. See Ex. C (Mao Depo. Tr.) at 377:3-7
For example, PANs
proposal requires that a tag is sent along with a packet. The 723 patent does not use this
language, and (as noted in the technical overview and in connection with other claim terms) the
concept of sending is ill-suited to non-physical data structures such as packets and tags.
Moreover, PANs position that tags must be sent along with packets is at odds with the
patent specification, which presents two alternative scenarios: (1) tags and packets are
communicated over separate paths, as illustrated in Figure 3a; or (2) [a]lternatively, packets and
tags may be sent over a common path. 723 patent, 5:4-7, Fig. 3. Because the 723 patent
contemplates that tags and packets may be sent over either different or common paths, it is
incorrect torequirethat tags and packets be sent together. Because PANs construction excludes
the embodiment where tags and packets are sent over different paths, it is improper. Oatey Co.
v. IPS Corp., 514 F.3d 1271, 1276 (Fed. Cir. 2008) (We normally do not interpret claim terms
in a way that excludes embodiments disclosed in the specification.).
PANs constructions also present the risk of being misunderstood as requiring that the tag
be physically appended to the packet itself. The intrinsic record rejects this notion. The 723
patent specification clearly explains that [t]ags can be appended or prepended to the packet,
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 29 of 35 PageID #: 7338
8/14/2019 JNPR Opening CC Brief
30/35
26
but also can be communicated over separate paths. 723 patent at 2:60-61; Fig. 3. PAN
overlooks this discretionary language to the extent it seeks to mandate a physical connection
between the tag and packet. PANs construction is also inconsistent with the meaning of
associated as reflected in the prosecution history. For example, claim 17 of the original patent
application included the language creating a tag associated with the packet, while original
dependent claim 22 added the limitation wherein creating a tag includes one of appending the
tag to the packet or prepending the tag to the packet. Appendix Ex. 8 at JA-246 (5/14/10 Patent
App.). According to the doctrine of claim differentiation, this connotes that the patentee did not
consider appending or prepending to be an intrinsic part of associating, because those
limitations were added by a dependent claim. Liebel-Flarsheim Co. v. Medrad, Inc., 358 F.3d
898, 910 (Fed. Cir. 2004) (the presence of a dependent claim that adds a particular limitation
raises a presumption that the limitation in question is not found in the independent claim).
Finally, an additional problem with PANs proposed language, a structure for holding
data, has recently arisen. It now appears based on expert discovery that PAN may be taking the
position that a structure (a word that is not used in the 723 patent) does not include data
itself.25
That position is inconsistent with the specification, which (as shown above), considers
the information included in a tag an essential part of the tag itself. Put simply, a tag includes
information. See, e.g., 723 patent at 2:22-23. The 723 patent does not contemplate that a tag
is independent of that information. This constitutes another reason why PANs construction
25 As part of the meet-and-confer process, Juniper inquired whether PAN would accept the
phrase a structure for holding data standing alone as an acceptable construction for
tag, but PAN did not respond. After the parties submitted the Joint Claim ConstructionStatement, Juniper learned of PANs apparent position that a structure for holding data
did not include the data itself. Because Juniper disagrees with that premise, it haswithdrawn its prior proposal to avoid a situation where construction might generate more
confusion than it would resolve.
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 30 of 35 PageID #: 7339
8/14/2019 JNPR Opening CC Brief
31/35
27
should not be adopted, and the plain meaning of the straightforward term tag should govern.
IX. U.S. PATENT NO. 7,779,459The 459 patent discusses security domains and the processing of both inter-zone and
intra-zone packets, where inter-zonetraffic passes between distinct security domains and intra-
zone traffic remains within a security domain. See 459 patent at 6:62-65; 10:42-59. For
example, the 459 patent describes ways to bypass one or more types of security screening for
intra-zone packets traveling within a distinct security domain, to increase processing efficiency.
A. security screening (459 patent)Term Juniper Proposal PAN Proposal
security screening No construction required.
Alternatively:
application of one or more security
policies
inspection to determine whether a
packet should be dropped
Although the term security screening does not require construction, Juniper has
alternatively proposed a modified version of PANs earlier proposed construction (the
construction that PANs experts use): application of one or more security policies.26
Consistent with Junipers construction and aspects of PANs original construction, the
specification of the 459 patent describes security screening as application of a security policy
or policies. See, e.g., 459 patent at 7:19-21 (policies can be established for . . . screening
packets as they traverse the security switch), 9:5-9 (after an appropriate policy is retrieved,
then the packet is inspected . . . [which] can include screening); see also Fig. 3 (showing
policies retrieved if a [p]acket [is] to be screened). The patent explains that screening can be
based on one or more considerations, e.g., packets can be screened based on source,
26 PAN originally proposed applying security policies to determine whether a packet
should be forwarded but changed position after expert reports.
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 31 of 35 PageID #: 7340
8/14/2019 JNPR Opening CC Brief
32/35
28
destination, or both. 459 patent at 7:31-34. Similarly, dependent claim 2 discloses that
performing the security screening may comprise enforcing at least one security constraint.
By contrast, PANs proposed construction inspection to determine whether a packet
should be droppeddoes not have similar support in the intrinsic record. The 459 patent does
not equate screening with inspection, and in fact expressly distinguishes the concepts. Id.at
7:20 (inspecting or otherwise screening), 9:8-9 (inspection can include screening).
Moreover, the 459 patent never discloses or even suggests that security screening is
equivalent to determin[ing] whether a packet should be dropped. Thus, PANs proposal is
inconsistent with the 459 patent and should not be adopted.
B. without performing the security screening (459 patent)Term Juniper Proposal PAN Proposal
without performing
the security screening
No construction required.
Alternatively:
without applying the one or
more security policies that areapplied to inter-zone traffic
without performing inspection to
determine whether a packet shouldbe dropped
The issues presented for the term without performing the security screening are
essentially the same as discussed above for security screening, with one important exception:
PAN attempts an additional sleight of hand by deleting the definite article the from the claim
term. This facially minor change significantly changes the meaning of the 459 patent claims.
Claims must be construed with an eye toward giving effect to all terms in the claim.
Bicon, Inc. v. Straumann Co., 441 F. 3d 945, 950 (Fed. Cir. 2006). In patent law, the word the
has a particular, well-defined meaning: it signals that the term that follows is referring to
something mentioned earlier in the claim (often referred to as its antecedent basis). See NTP,
Inc. v. Research in Motion, Ltd., 418 F. 3d 1282, 1306 (Fed. Cir. 2005). Thus, in claim 1 of the
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 32 of 35 PageID #: 7341
8/14/2019 JNPR Opening CC Brief
33/35
29
459 patent, the term thesecurity screening refers to thesame security screening recited in
the preceding elementthat is, the claimed security screening performed based on a []
determination that the packet is to pass between the two distinct security domains.27
PANs attempt to read the antecedent basis out of without thesecurity screening is not
only inaccurate, but could engender significant confusion. Particularly when coupled with
PANs (improper) proposal to define screening by reference to determin[ing] whether a
packet should be dropped, the jury could be left with the erroneous impression that no packet
can be dropped unless: (1) it is determined to be an inter-zone packet, and (2) an inspection is
performed, based on that determination, which further determines that the packet must be
dropped. Of course, a packet can be dropped for many other reasons. The 459 patent describes
one example where a packet can be dropped if the MAC address is unknown. Id. at 3:60-61.
The 459 patent also describes setting a period of time to attempt to locate an address for the
packet and dropping the packet after the expiration of the predetermined amount of time. Id.at
3:44-60. Furthermore, the 459 patent describes embodiments in which firewall protections
are applied to both inter-zone and intra-zone traffic, such as TCP stateful inspection, syn-
attack guard, and policy-based control. Id. at 4:48-52. These scenarios could likewise result
in a packet being dropped.
Only Junipers proposed construction (without applying the one or more security
policies that are applied to inter-zone traffic) captures the meaning of the complete claim term
without the security screening. It retains the key definite article the (the one or more
security policies) and makes clear that the referenced security policies are those that the claim
earlier indicated are applied based on the determination that a packet is an inter-zone packet.
27 The patent uses the term inter-zone to refer to packets passed from one zone or security
domain to another. See, e.g., 459 patentat 6:62-65.
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 33 of 35 PageID #: 7342
8/14/2019 JNPR Opening CC Brief
34/35
30
Thus, if the Court construes this claim term, it should adopt Junipers proposal.
C. security domains (459 patent)Term Juniper Proposal PAN Proposal
security domains security security domains [no response]
Finally, the Court should exercise its power to correct a typographical error in the 459
patent, where the claims recite security domains security instead of security domains. See,
e.g., CBT Flint Partners, LLC v. Return Path, Inc., 654 F.3d 1353, 1358 (Fed. Cir. 2011) (It is
well-settled law that, in a patent infringement suit, a district court may correct an obvious error in
a patent claim.). PAN does not dispute Juniper's proposal and courts routinely correct such
errors. See, e.g., Freedom Wireless, Inc. v. Alltel Corp., 2008 WL 4647270, at *13 (E.D. Tex.
Oct. 17, 2008) (correcting causing a call is caused to be terminated by omitting is caused).
X. CONCLUSIONFor the foregoing reasons, Juniper respectfully requests that its proposed constructions be
adopted.
OF COUNSEL:
Morgan ChuJonathan S. Kagan
Lisa S. GlasserDavid McPhie
Rebecca CliffordTalin Gordnia
IRELL &MANELLA LLP1800 Avenue of the Stars, Suite 900
Los Angeles, CA 90067-4276(310) 277-1010
MORRIS,NICHOLS,ARSHT &TUNNELL LLP
/s/ Jennifer YingJack B. Blumenfeld (#1014)Jennifer Ying (#5550)
1201 North Market StreetP.O. Box 1347
Wilmington, DE 19899-1347(302) 658-9200
Attorneys for Plaintiff
July 19, 20137376005
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 34 of 35 PageID #: 7343
8/14/2019 JNPR Opening CC Brief
35/35
CERTIFICATE OF SERVICE
I hereby certify that on August 21, 2013, I caused the foregoing to be
electronically filed with the Clerk of the Court using CM/ECF, which will send notification of
such filing to all registered participants.
I further certify that I caused copies of the foregoing document to be served on
August 21, 2013, upon the following in the manner indicated:
Philip A. Rovner, EsquireJonathan A. Choa, Esquire
POTTER ANDERSON &CORROON LLP1313 North Market Street
Hercules PlazaWilmington, DE 19801
Attorneys for Defendant
VIA ELECTRONIC MAIL
Daralyn J. Durie, EsquireRagesh K. Tangri, Esquire
Ryan M. Kent, EsquireBrian C. Howard, Esquire
Sonali D. Maitra, EsquireDURIE TANGRI LLP
217 Leidesdorff StreetSan Francisco, CA 94111
Attorneys for Defendant
VIA ELECTRONIC MAIL
Harold J. McElhinny, EsquireMichael A. Jacobs, Esquire
Matthew A. Chivvis, EsquireMatthew I. Kreeger, Esquire
MORRISON &FOERSTER LLP425 Market Street
San Francisco, CA 94105Attorneys for Defendant
VIA ELECTRONIC MAIL
/s/ Jennifer Ying
Jennifer Ying (#5550)
Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 35 of 35 PageID #: 7344