JNPR Opening CC Brief

Embed Size (px)

Citation preview

  • 8/14/2019 JNPR Opening CC Brief









    C.A. No. 11-1258 (SLR)




    Morgan Chu

    Jonathan S. KaganLisa S. Glasser

    David McPhieRebecca Clifford

    Talin GordniaIRELL &MANELLA LLP

    1800 Avenue of the Stars, Suite 900Los Angeles, CA 90067-4276

    (310) 277-1010


    Jack B. Blumenfeld (#1014)

    Jennifer Ying (#5550)1201 North Market StreetP.O. Box 1347

    Wilmington, DE 19899-1347(302) 658-9200

    [email protected]@mnat.com

    Attorneys for Plaintiff

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 1 of 35 PageID #: 7310



    Original Filing Date: July 19, 2013

    Redacted Filing Date: August 21, 2013

  • 8/14/2019 JNPR Opening CC Brief




    I. INTRODUCTION ........................................................................................................ 1II. LEGAL FOUNDATION FOR CLAIM CONSTRUCTION .......................................... 1III. BACKGROUND OF THE TECHNOLOGY AT ISSUE............................................... 2

    A. Fundamentals of Computer Technology ............................................................ 2B. Fundamentals of Networking ............................................................................ 4C. Fundamentals of Network Security ................................................................... 5

    IV. U.S. PATENT NO. 7,650,634....................................................................................... 6A. two or more security devices (634 patent) ..................................................... 6B. receiving . . . evaluation information . . . (634 patent) ................................... 8

    V. U.S. PATENT NO. 7,107,612....................................................................................... 9A. rule (612 patent) ........................................................................................... 9

    VI. U.S. PATENT NO. 6,772,347..................................................................................... 12A. sorting packets into . . . initially denied packets (347 patent)....................... 12

    VII. U.S. PATENT NO. 7,734,752..................................................................................... 14A. primary portion and secondary portion (752 patent) ................................ 14

    VIII. U.S. PATENT NO. 8,077,723..................................................................................... 17A. first engine and second engine (723 patent) ............................................. 17B. route a packet (723 patent) ......................................................................... 20C. a tag and associate a tag (723 patent) ....................................................... 23

    IX. U.S. PATENT NO. 7,779,459..................................................................................... 27A. security screening (459 patent) ................................................................... 27B.

    without performing the security screening (459 patent)............................... 28

    C. security domains (459 patent) ..................................................................... 30

    X. CONCLUSION .......................................................................................................... 30

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 2 of 35 PageID #: 7311

  • 8/14/2019 JNPR Opening CC Brief




    CasesBicon, Inc. v. Straumann Co.,

    441 F. 3d 945 (Fed. Cir. 2006) ....................................................................................... 28

    CBT Flint Partners, LLC v. Return Path, Inc.,

    654 F.3d 1353 (Fed. Cir. 2011) ...................................................................................... 30

    Elcommerce. com, Inc. v. SAP AG,

    2011 WL 710487 (E.D. Pa. Mar. 1, 2011) ........................................................................2

    Freedom Wireless, Inc. v. Alltel Corp.,

    2008 WL 4647270 (E.D. Tex. Oct. 17, 2008)................................................................. 30

    Liebel-Flarsheim Co. v. Medrad, Inc.,

    358 F.3d 898 (Fed. Cir. 2004) ........................................................................................ 26

    Markman v. Westview Instruments, Inc.,

    52 F.3d 967 (Fed. Cir. 1995) ............................................................................................1

    Northeastern Univ. et al. v. Google, Inc.,

    2010 WL 4511010 (E.D. Tex. Nov. 9, 2010) ........................................................... 16, 20

    NTP, Inc. v. Research in Motion, Ltd.,

    418 F. 3d 1282 (Fed. Cir. 2005) ..................................................................................... 28

    Oatey Co. v. IPS Corp.,

    514 F.3d 1271 (Fed. Cir. 2008) ...................................................................................... 25

    Phillips v. AWH Corp.,

    415 F.3d 1303 (Fed. Cir. 2005) ............................................................................ 1, 10, 14

    Synergetics, Inc. v. Peregrine Surgical, LTD,

    427 F. Supp. 2d 537 (E.D. Pa. 2006) ................................................................................2

    U.S. Surgical Corp. v. Ethicon, Inc.,

    103 F.3d 1554 (Fed. Cir. 1997) ........................................................................................2

    Ultramercial, Inc. v. Hulu LLC,__ F.3d __ (Fed. Cir. 2013) ..............................................................................................3

    Visto Corp. v. Seven Networks, Inc.,

    2005 WL 6220108 (E.D. Tex. Apr. 20, 2005) .................................................................7

    Vitronics Corp. v. Conceptronic, Inc.,

    90 F.3d 1576 (Fed. Cir. 1996) ..........................................................................................1

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 3 of 35 PageID #: 7312

  • 8/14/2019 JNPR Opening CC Brief



    Other AuthoritiesMerriam-Websters Collegiate Dictionary10th ed. ................................................................... 24

    Websters College Dictionary2005 ed. ..................................................................................... 24

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 4 of 35 PageID #: 7313

  • 8/14/2019 JNPR Opening CC Brief


    - 1 -

    I. INTRODUCTIONFaced with infringement claims on seven patents that PANs own founders invented

    while employed by Juniper, PAN now seeks to re-define those patents. PANs primary approach

    is to ignore the technological context of the patentscomputer networkingand seek to import

    structural or physical limitations into computer terms that do not contain such limitations. Even

    PANs employees and experts do not agree with PAN on many of these issues, illustrating how

    far afield PANs constructions are from the patents and the relevant art of computer networking.

    Most of the terms presented for construction use straightforward language, and should be

    given their plain and ordinary meaning, consistent with how one skilled in the relevant

    technology would understand them. Juniper has nevertheless proposed constructions that (where

    appropriate) incorporate concepts from PANs proposals, while otherwise remaining faithful to

    the specifications of the patents-in-suit. Juniper respectfully requests that the Court adopt

    Junipers claim constructions, as set forth herein.

    II. LEGAL FOUNDATION FOR CLAIM CONSTRUCTIONIt is a bedrock principle of patent law that the claims of a patent define the invention.

    Phillips v. AWH Corp., 415 F.3d 1303, 1312 (Fed. Cir. 2005). The words in a claim are

    generally given their ordinary and customary meaning, which is the meaning that the term

    would have to a person of ordinary skill in the art at the time of the invention. Id. 1312-13.

    When the meaning of a claim term is in doubt, the patents specification is appropriately

    consulted for guidance. Id. For example, a construction that excludes a preferred embodiment

    described in the specification is rarely, if ever correct and would require highly persuasive

    evidentiary support. Vitronics Corp. v. Conceptronic, Inc., 90 F.3d 1576, 1583 (Fed. Cir.

    1996). The specification, however, cannot enlarge or diminish the claim language. Markman v.

    Westview Instruments, Inc., 52 F.3d 967, 980 (Fed. Cir. 1995).

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 5 of 35 PageID #: 7314

  • 8/14/2019 JNPR Opening CC Brief



    Claim construction is a matter of resolution of disputed meanings and technical scope, to

    clarify and when necessary to explain what the patentee covered by the claims, for use in the

    determination of infringement. It is not an obligatory exercise in redundancy. U.S. Surgical

    Corp. v. Ethicon, Inc., 103 F.3d 1554, 1568 (Fed. Cir. 1997).1 Straightforward terms should thus

    be given their plain meaning, not replaced with other words under the guise of construction.

    See, e.g., Elcommerce.com, Inc. v. SAP AG, 2011 WL 710487, at *6 (E.D. Pa. Mar. 1, 2011) (a

    court may resolve [claim construction disputes] by simply instructing the jury to evaluate a term

    in light of its plain and ordinary meaning).



    The following section provides an overview of some basic technological principles of

    computer security and networking to facilitate claim construction analysis in this case. To

    minimize dispute, the materials cited are primarily PANadmissions, including from PANs co-

    founders (CTO Nir Zuk and Chief Architect Yuming Mao) and its own litigation experts.2

    A. Fundamentals of Computer TechnologyThe patents-in-suit are directed to inventions for computer networks and systems using

    hardware, software, or combinations thereof. Physical hardwareencompasses components such

    as circuits, wires, and computer chips (e.g., a central processing unit or CPU). Hardware

    components may be combined and embedded inside each other to create complex computer

    systems, even within just one physical chip. For example, a single CPU today may include

    1 All emphases to quotations herein have been added, unless otherwise indicated.

    2 As in other legal contexts, party admissions are properly considered in claimconstruction. Moreover, although inventor and expert testimony is typically a disfavored

    form of extrinsic evidence because of its self-serving nature, here no such concern isimplicated because the inventor and expert testimony is that of PANs principals and

    experts. See Synergetics, Inc. v. Peregrine Surgical, LTD, 427 F. Supp. 2d 537, 546(E.D. Pa. 2006) (noting weight to be given opposing party admissions as contrasted with

    extrinsic evidence from a partys own experts).

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 6 of 35 PageID #: 7315

  • 8/14/2019 JNPR Opening CC Brief



    literally billions of electronic switches (e.g., transistors or logic gates) and other components.

    Computer systems may also include software comprising data or instructions that can perform

    computation or other actions. Programmers write software source code using programming

    languages that are understandable to humans, then build it into computer-executable form.

    Hardware and software aspects of computer systems are often interchangeable. As the

    Federal Circuit has recently observed:

    [T]he line of demarcation between a dedicated circuit and acomputer algorithm accomplishing the identical task is frequentlyblurred and is becoming increasingly so as the technologydevelops. In this field, a software process is often interchangeablewith a hardware circuit.

    Ultramercial, Inc. v. Hulu LLC, __ F.3d __, 2013 WL 3111303, at *16 (Fed. Cir. June 21, 2013).


    Computer systems use memoryto facilitate the storage and manipulation of software and

    other data. Memory comes in numerous varieties (e.g., SRAM and DRAM) and can be

    shared by multiple other components in a system.

    Notably, in most kinds of memory, data

    stays retained in memory even after it is retrieved; that is, data retrieval is non-destructive.5

    There are two primary ways of sending data in memory to parts of a computer system

    that need to use it. The first is to create a new copy of the data in a new memory location,


    Ex. __ refers to exhibits attached to the Declaration of David McPhie,

    submitted herewith.


    5 SeeEx. B (Mitchell Depo. Tr.) at 25:8 27:4.

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 7 of 35 PageID #: 7316

  • 8/14/2019 JNPR Opening CC Brief



    sometimes called passing by value, and the second is to communicate a pointer to the

    location in memory where the data is held, sometimes called passing by reference.6 Neither

    method results in physical movement or removal of the original data in memory, although (of

    course) the original data may be later modified or overwritten via other steps.

    Data may be structured or organized in memory to facilitate its use. For example, data

    may be grouped into larger structures of multiple (often related) data values, and formatted

    depending on how the data entries are to be looked up and accessed. Data elements can be

    organized sequentially in a linked list, or for fast lookup in a hash table. Moreover, a related

    block of data need not be stored in a single physically connected portion of memory; there are

    mechanisms for storing . . . [a] meaningful collection of data in a noncontiguous way.7

    B. Fundamentals of NetworkingConnection of computer systems using networks (such as the Internet) allows data

    communication between computers, even at significant distances. To facilitate efficient

    communication, data is broken down into packets, along with additional metadata for addressing

    and other purposes. These packets are typically structured in accordance with networking

    standards that provide a well-defined framework for communication between disparate

    networking technologies. It is common to format data packets to include multiple layers of

    metadata information, each corresponding to a particular networking function. One well-known

    framework describing these networking layers is the seven-layer OSI model. The lowest layer

    of the model (layer 1) is the physical medium through which the basic bits of data are

    communicated (e.g., a copper wire or radiofrequency wave). At the other end of the spectrum

    (layer 7) is the actual application with which users can actually interact (e.g., email programs or

    6 SeeEx. B (Mitchell Depo. Tr.) at 76:22 77:6.

    7 SeeEx. B (Mitchell Depo. Tr.) at 38:9 39:8.

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 8 of 35 PageID #: 7317

  • 8/14/2019 JNPR Opening CC Brief



    web browsers). The layers in between handle other aspects of network connectivity, such as the

    well-known Internet Protocol (IP) at layer 3. By providing conceptual separation of various

    aspects of networking, the OSI model allows communication at a high level independent of its

    underlying technical implementation. Thus (for example), when operating at the IP packet layer

    (layer 3), the underlying physical structure [layer 1] doesnt matter.8

    As a corollary to the above, an IP packet is best understood as formatted, computer-

    readable datanot something tangible that humans physically handle or manipulate.9 Thus,

    when a packet is described as sent through the OSI model layers, it is not really physically as

    if something is being sent from one component to another . . . inside the computer.


    C. Fundamentals of Network SecurityPermitting computers to communicate with other computers over a network exposes the

    risk of network attacks and security breaches. Accordingly, network security technologies have

    been developed for regulating communications between networked computers (e.g., by blocking

    attacks). One such technology is known as a firewall.

    Network administrators can configure firewalls and other network security products in a

    variety of ways to enable a security policy desired by an organization, e.g., to allow or prevent

    communication based on a number of rules. There are many ways in which such rules can be

    structured and applied. For example, in simple firewalls, each rule generally specifies some

    8 SeeEx. B (Mitchell Depo Tr.) at 29:13 34:14.

    9 SeeEx. B (Mitchell Depo Tr.) at 23:14 24:12; Ex. C (Mao Depo. Tr.) at 376:3-8


    10 SeeEx. B (Mitchell Depo Tr.) at 17:12-19;

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 9 of 35 PageID #: 7318

  • 8/14/2019 JNPR Opening CC Brief


  • 8/14/2019 JNPR Opening CC Brief



    The term two or more security devices is easily understandable and requires no


    Alternatively, security devices may be construed as hardware, firmware,

    software or combinations thereof for performing security functions, in accordance with the 634

    patent specification. For further clarity, the construction may also state that the security devices

    may be included on one or more programmable processors executing a computer program.

    Junipers proposed construction comes directly from the 634 patents description of the

    invention. For example, the Summary section of the patent describes plural security devices as

    a feature of the present invention, which may includ[e] computer program products. 634

    patent at 2:14-22. The specification elaborates that [t]he invention can be implemented . . . in

    computer hardware, firmware, software, or in combinations of them, and further states that

    the invention can be performed byone or moreprogrammable processors executing a

    computer program. . . . Id.at 6:1-3, 6:18-21.

    The specification also provides specific examples that further confirm that the claimed

    devices can take a variety of forms. For example, multiple security devices may be included

    in a single structure. See, e.g., 634 patent at 2:56-62, Figs. 1 & 9. Figure 9 shows that a single

    security device may itself include additional security devices such as a firewall or IPS.

    See, e.g., id.at 1:17-19, 2:49-50, 3:5-7, 7:3-7. A firewall operating as a security device can, in

    turn, be a set of computer programs, according to the priority application incorporated into the

    634 patent specification. Ex. D (Pat. App. No. 10/072,683) at 3:32; see also Visto Corp. v.

    Seven Networks, Inc., 2005 WL 6220108, at *8 (E.D. Tex. Apr. 20, 2005) (construing firewall

    as comprising software and/or hardware). Moreover, as indicated above, the 634

    specification expressly contemplates an embodiment wherein the claimed invention is executed

    14 There is no dispute regarding the phrase two or more. Though unnecessary, Juniper

    does not object to PANs proposal to construe two or more as at least two.

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 11 of 35 PageID #: 7320

  • 8/14/2019 JNPR Opening CC Brief



    on just one . . . programmable processor[]. 634 patent at 6:18-21. Junipers construction of

    security device encompasses each of these configurations and embodiments.

    PANs proposed construction, in contrast, disregards the specification by limiting

    security devices to physically distinct structures. The specification makes no reference to

    physically or distinct. Moreover, the 634 patents only use of the term structure refers

    not to a security device, but to a flow table (a non-physical data entity). Id.at 3:33. Indeed,

    PANs expert, Dr. Mitchell, admitted that a device need not be a physically distinct structure.

    Q. What is a device?

    A. Device -- device isgenerally a thing that does something.

    That probably means different things in different contexts.

    Ex. B (Mitchell Depo. Tr.) at 10:3-7. Dr. Mitchell further testified that although one way to

    think about a device was as a physical thing, that term is also used in computing to refer to

    a technique or method, which has nothing to do with physical devices. Id.at 45:2-9.

    B. receiving . . . evaluation information . . . (634 patent)Term Juniper Proposal PAN Proposal

    receiving from each of the two or more

    security devices, evaluationinformation, the evaluation information

    being generated by a respective one ofthe two or more security devices

    No construction


    receiving, from each of the two or

    more security devices, evaluationinformation generated by that


    Construction of this 28-word phrase appears unnecessary as it uses ordinary English

    words consistent with their plain meaning. Indeed, most of the words in the claim language

    (e.g., receiving from, generated, and evaluation information) also are used in PANs

    construction, and the included term security devices is the subject of a separate proposed

    construction. Nor has PAN identified any disputed merits issue to which this construction

    relates. Accordingly, no construction of this term is required.

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 12 of 35 PageID #: 7321

  • 8/14/2019 JNPR Opening CC Brief



    V. U.S. PATENT NO. 7,107,612Prior to the invention of the 612 patent, firewalls commonly used a fixed set of rules in

    performing network security functions, which the patent notes can be restrictive in many

    practical applications. 612 patent at 3:12. Thus, there was a need in the art for a firewall

    engine which can generate rules dynamically, based upon information extracted from incoming

    packets . . . . Id.at 3:912. The 612 patent describes approaches for dynamically adding or

    modifying rules based on a sequence of data packets received by a network. The newly added or

    modified rules may (for example) be designed to respond to or mitigate a network attack

    identified based on analysis of data received.

    A. rule (612 patent)Term Juniper Proposal PAN Proposal

    rule Juniper is willing to stipulate that,for purposes of the 612 patent

    claims, rules exist across multiple


    No further construction necessary.

    A rule is a policy for filteringpackets across multiple

    sessions, as distinct from alookup table

    The simple term rules does not require elaborate construction. The parties have already

    agreed on one aspect of the term, namely that rules, in the context of the 612 patent, exist

    across multiple sessions. See also Ex. B (Mitchell Depo. Tr.) at 210:2-5.15

    No further

    construction is needed for the jury to understand the basic concept of a rulea subject on

    which there appears to be substantial agreement.

    As indicated above, PAN expert Dr. Mitchell admits that, consistent with the usage . . .

    in the 612 patent, a rule generally specifies some characteristic of a packet[,] and an action . . .

    15 PAN expert Dr. Mitchell went on to identify at least one portion of the 612 patent

    specification as supporting this view: column 5, starting on line 25 and reading down.Ex. B (Mitchell Depo. Tr.) at 210:16 211:6 (So . . . the rules persist and . . . in that

    sense, they are beyond a particular session).

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 13 of 35 PageID #: 7322

  • 8/14/2019 JNPR Opening CC Brief



    to take with any packets that match the characteristic. Ex. B (Mitchell Depo. Tr.) at 130:9


    Dr. Mitchell further testified:

    I think generally, a rule is an if-then statement. If the packet has

    some properties or in some way satisfies some conditions or isrelated to the processing environment in some way, then someaction will or will not be taken as a result.

    Id.at 134:21-25. This formulation is consistent with the testimony of one of the inventors of the

    612 patent, Yuming Mao. Ex. C (Mao Depo. Tr.) at 132:3 - 134:13 (

    ). It also conforms with the exemplary rules disclosed in the 612

    patent specification. For example, Figure 3 depicts an embodiment of a rule that provides

    items that may serve as a matching criterion for the rule (e.g., source IP address), along with

    a field to specify the action to be taken if the rule is matched. 612 patent at 4:43-44. Thus,

    the specification, inventor testimony, and even PANs expert agree on the relevant characteristics

    of a rule as used in the 612 patent.

    By contrast, PANs proposed construction makes no mention of any of these agreed

    aspects of a rule, but rather attempts to inject two new concepts into the meaning of rule that

    are inconsistent with the usage in the patent.

    First, PAN argues that a rule is a policy for filtering packets. But adoption of this

    construction would introduce a conflict with the surrounding claim language or (at best)

    confusing redundancy. For example, claim 1 recites rules . . . for incoming and outgoing data

    units. Because the claim already specifies that rules apply to packets (i.e., a type of data

    units), it is incorrect to expressly restate the notion of packets in the construction for rule. See

    Phillips v. AWH Corp., 415 F.3d 1303, 1314 (Fed. Cir. 2005) (en banc) (when a concept is

    16 Dr. Mitchell further stated that in so testifying he was not trying to defin[e] what it

    means to be a rule. Ex. B (Mitchell Depo. Tr.) at 131:7-10. This is consistent with

    Junipers position that the term need not be construed.

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 14 of 35 PageID #: 7323

  • 8/14/2019 JNPR Opening CC Brief



    already included in surrounding context of a claim term, it strongly implies the term does not

    inherently include that concept). Similarly, claim 1 states that rules are for controlling access

    to and from a network device. Because the claim already specifies what the rules are for, it is

    improper to import other requirements by way of claim construction. Id.

    The second, and even more problematic, concept PAN tries to introduce into the claim

    involves the words as opposed to a lookup table. As an initial matter, PANs construction

    confuses the definitional makeup of a rule with the manner in which a particular rule is

    implemented or maintained. As explained in the technical overview above, data structures in

    memory (including rules) can be stored in a variety of formats. There is nothing in the patent or

    intrinsic record to suggest that any particular data format is excluded for the purpose of rules.17

    Indeed, PANs own experts testified that rules can, in fact, be stored in a lookup table.

    For example, Dr. Mitchell testified:

    Q. [C]an you store rules in a hash table?

    A. Yeah. Hash table is another general data structure forstoring data. You can treat rules as data and store them in a

    hash table.

    Ex. B (Mitchell Depo. Tr.) at 140:24 141:5.

    Similarly, Dr. Mitzenmacher has

    stated, in his published writings and in deposition testimony, that rules can be provided in a hash

    table for lookup. Ex. E (Mitzenmacher Article) at 207-208 (describing hash table lookups for

    a hash table that will provide the packet classification rules);

    17 Notably, PANs Founder and Chief Architect Yuming Mao, an inventor of the 612

    patent, was unable at his deposition to identify

    Ex. C (Mao Depo. Tr.) at 379:16 380:19.

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 15 of 35 PageID #: 7324

  • 8/14/2019 JNPR Opening CC Brief




    Thus, neither

    the intrinsic nor extrinsic record provides any support for PANs restrictive construction.

    VI. U.S. PATENT NO. 6,772,347The 347 patent describes technology for efficient packet processing in a firewall. For

    example, after a firewall receives a packet, the packet may be sorted or processed into initially

    denied and initially allowed packets. Later, the initially denied packets are processed or sorted

    further intoallowed or denied packets. See347 patent at Abstract, 5:45-49. Denied packets are

    dropped, and allowed packets pass through the firewall. Id.

    A. sorting packets into . . . initially denied packets (347 patent)Term Juniper Proposal PAN Proposal

    sorting packets into

    initially denied packets

    No construction required. applying rules to make a first

    determination that identifiespackets to be dropped

    There is no need to construe the term sorting packets into . . . initially denied packets.

    As an initial matter, the term as phrased by PAN does not appear in any of the asserted claims.

    Indeed, at least one of the asserted claims (claim 24) does not use the word sorting at all.

    Moreover, PANs proposed construction is inconsistent with the 347 patent in at least two ways.

    First, PANs construction improperly requires that initially denied packets be identified

    as packets to be dropped. This contradicts the 347 patents teaching that a packet neednotbe

    identified to be dropped until after it is finally denied by an additional sorting or processing

    phase. This clear distinction between initially denied and denied packets is illustrated in

    Figure 6, an embodiment where the second sorting phase is a dynamic filter:

    18 A lookup table can be used for many other purposes as well. For example, the 612

    patent describes using a lookup table to implement a flow table. 612 patent at 5:10-42;

    see alsoEx. B (Mitchell Depo. Tr.) at 80:10 - 84:3.

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 16 of 35 PageID #: 7325

  • 8/14/2019 JNPR Opening CC Brief


  • 8/14/2019 JNPR Opening CC Brief



    synonymous, and in fact, the 347 distinguishes between them. For example, some, but not all,

    of the claimed sorting steps require that the sorting be performed using rules. See, e.g.,

    Claim 14 (further sorting the initially denied packets using rules). In claim elements that

    contain a using rules limitation, PANs construction would render the claim language using

    rules completely redundant; in the other claim elements that do not set forth such a requirement,

    PANs construction would add an extraneous limitation. Neither result is consistent with the

    347 patent or the canons of claim construction. See Phillips, 415 F.3d at 1314.

    VII. U.S. PATENT NO. 7,734,752The 752 patent describes an apparatus and method for sharing information between two

    security systems to provide protection in the event of failure. Specifically, two security systems

    each store information for flows that they are actively processing, as well as flow information

    synchronized from the other security system. 752 patent at 8:17-29. By doing so, each system

    can take over processing that ordinarily would be performed by the other, if the other system

    experiences a failure event. Id. To clarify which of the two security systems is being referenced,

    the 752 patent sometimes refers to them as the primary and secondary security systems.

    A. primary portion and secondary portion (752 patent)Terms Juniper Proposal PAN Proposal

    a primary portion that stores

    information associated with theoperation of the first device-

    implemented session module,when the primary security systemis operating in a primary security


    No construction required.

    Alternatively: a portion of the flow tablethat stores information for flows that the

    primary security system participates inprocessing when failover has not


    the portion of the flow

    table that storesinformation for

    processing packetswhen all securitydevices are operational

    a secondary portion that storesinformation associated with the

    operation of the first device-implemented session module,

    when the primary security systemis functioning in a failover mode

    No construction required.

    Alternatively: a portion of the same flow

    table that stores information for flowsthat the primary security system may

    process when there is a failover event

    a different portion ofthe same flow table

    that stores informationfor processing packets

    if there is a failoverevent

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 18 of 35 PageID #: 7327

  • 8/14/2019 JNPR Opening CC Brief



    This disputed language does not require construction, as each of its words has a plain and

    ordinary meaning. PANs proposal, moreover, does not seek to clarify the claim language but

    rather to change it. Accordingly, Juniper has proposed alternative constructions that reflect the

    actual claimed invention.

    As explained above, one aspect of the 752 patent is that two systems synchronize

    information in their respective flow tables so that, if there is any malfunction affecting one

    system, the other system may use that flow information to process packets that would have been

    processed by the [other] security system but for the detected failure. 752 patent at 8:6-7; id. at

    7:37-50. To do this, each systems flow table has a secondary portion that includes

    information for flows that the session module may process in the event of a failover. Id. at

    8:22-27. Junipers proposal tracks this language from the 752 patent explicitly, stating that the

    secondary portion stores information for flows that the primary security system may process

    when there is a failover event.

    Similarly, the specification explains that the primary portion of the flow table includes

    flow information used for actively participating in the processing of the packets. Id. at 8:17-

    22. Junipers proposal also tracks this language, stating that the primary portion stores

    information for flows that the primary security system participates in processing. Mirroring

    the construction for secondary portion, Junipers construction further states that such

    processing occurs when failover hasnotoccurred in that system.20

    By contrast, PANs proposals do not correspond to language in the 752 patent or to the

    scope of the invention. For example, for both first portion and second portion, PAN seeks to

    20 Of course, even if the primary system should fail, the secondary system continues to

    participate in processing packets that the secondary system ordinarily would process (to

    the extent it was doing this before failover). See, e.g., 752 patent at 9:59-65.

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 19 of 35 PageID #: 7328

  • 8/14/2019 JNPR Opening CC Brief



    replace information associated with the operation of the first device-implemented session

    module with information for processing packets. As the preceding element of claim 1

    explains, however, the claimed session module is used to maintain flow information. . . to

    facilitate processing of the packets. Thus, its operation comprises use of flow information.

    PANs use of the more generalized phrase information for processing packets is at best

    imprecise, as it could be read as encompassing activity having nothing to do with the use of flow

    information maintained by the session module. For example, as illustrated in Figure 5, if a

    session is not found for a packet (e.g., because it is the first packet of a flow), the packet may

    nevertheless undergo processing before flow information is even generated (in step 555). And

    Figure 5 depicts other additional steps that may occur even on existing flows before extracting

    information from the session modules flow table.

    As another example, PANs construction for secondary portion requires that the second

    portion be different from the first portion. The 752 patent does not use the word different in

    relation to any aspect of the flow table. Nor does labeling the portions as primary and

    secondary necessitate that these portions be distinct. See Northeastern Univ. et al. v. Google,

    Inc., 2010 WL 4511010, at *8 (E.D. Tex. Nov. 9, 2010) (Absent support from the intrinsic

    record or the language of the claims, requiring the first portion of the hashed query fragment to

    be distinct and separate from the second portion would be improper.). PAN has previously

    suggested that the basis for this aspect of its construction is an embodiment which describes the

    first and second portions as dedicated to store certain information (see752 patent at 8:17-27).

    However, dedicated and different do not mean the same thing. Moreover, this is one

    embodiment, and the specification goes on to explain that the primary and secondary portions

    also may be integrated togetherthe opposite of distinct or different. Id. at 8:27-29.

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 20 of 35 PageID #: 7329

  • 8/14/2019 JNPR Opening CC Brief



    PAN also makes other unexplained changes to the claim language, such as replacing the

    word a with the, and introducing the term operational, a term which is not used in the

    claims or the specifications discussion of the claimed portions. These changes introduce further

    uncertainty and inaccuracy, and the Court should therefore reject them as well.

    VIII. U.S. PATENT NO. 8,077,723The 723 patent describes technology that uses tags to improve the efficiency of packet

    processing in a system containing multiple processing engines. For example, in the 723

    patent, a first engine directs a packet to a second engine. The second engine then processes the

    packet and associates a tag with the packet that contains information related to the processing of

    the packet. The information in the tag can include information that is useful to other engines

    when they are processing or routing the packet. See723 patent at 5:50 6:5. Subsequently, the

    first engine directs the packet to a third engine, and the third engine processes the packet using

    the information in the tag. In one embodiment of the 723 patent, the second and third engines

    are included on one integrated circuit.

    A. first engine and second engine (723 patent)Terms Juniper Proposal PAN Proposal

    first engine No construction required.Alternatively, engine may be

    construed as:

    hardware, firmware, software, orcombinations thereof for

    implementing one or more

    functional operations

    software program on a firstprocessor

    second engine software program on a second


    PANs proposal to construe the terms first engine and second engine may be best

    understood by first considering the context of the parties dispute regarding this element of the

    723 patent.

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 21 of 35 PageID #: 7330

  • 8/14/2019 JNPR Opening CC Brief



    Ex. C (Mao Depo. Tr.) at

    197:7 202:8.

    Id.at 198:4-10. PAN now seeks to change the ordinary meaning of

    engine in an attempt to distinguish it from the way PAN consistently uses engine in

    describing its products. That, of course, is not a valid reason to construe the claims.

    The 723 patent makes clear what an engine does (and does not) mean in the claims.

    As PANs Founder and Chief Architect (also a named inventor) Yuming Mao admitted,


    e.g., Ex. C (Mao Depo. Tr.) at 197:7-18. The 723 patent specification explains that the

    engines of the claimed invention are a functional concept that can be implemented with

    hardware and/or software: the functional operations described herein can be implemented in . .

    . computer hardware, firmware, software, or in combinations of them, including on one or

    more programmable processors. 723 patent at 10:20-23, 10:38-39.21 Junipers proposed

    construction accurately captures this full range of embodiments, using the exact language of the

    patentassuming the term engine requires construction at all.

    Other PAN admissions provide further support for Junipers construction. For example,

    PAN states in its own patent applications (authored by the 723 patents inventors, Mao and Zuk)

    that a processing engine can be of the form of hardware or software of combinations or both.

    Ex. G (Pat. App. No. 2008/0253366) 0021.

    21 As shown above, this language is also used in the 634 patent specification to describe the

    breadth of possible architectural implementations; indeed, the 723 patent notes that a

    processing engine can be an example of a device. See723 patent at 5:34-36.

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 22 of 35 PageID #: 7331

  • 8/14/2019 JNPR Opening CC Brief



    And PANs expert

    Dr. Mitchell, when asked whether he disagreed with the notion that an engine can be software

    that performs a function, responded, I dont see any reason to disagree with that. Ex. B

    (Mitchell Depo. Tr.) at 172:15-23; see also id.at 104:21-24 (Q. Have you ever heard the word

    engine used to describe software? A. I believe so.). These PAN admissions confirm the

    accuracy of Junipers proposed construction for engine: hardware, firmware, software, or

    combinations thereof for implementing one or more functional operations.

    PANs proposed constructions, by contrast, seek to artificially constrain the scope of

    engine to only the specific combination of a software programanda processor. As shown

    by the evidence cited above, the 723 patent invention may well encompass such a combination

    as a possible embodiment, but does not require it. For example, the patent states that the

    invention maybe implemented using a stand-alone [software] program, but also permits use of

    a software module, component, subroutine, or other unit suitable for use in a computing

    environment. 723 patent at 10:32-34. Other disclosed implementations focus more on

    hardware, e.g., special purpose logic circuitry such as an FPGA or ASIC. Id.at 10:41-45.

    PANs proposal improperly excludes these embodiments.

    Moreover, PANs constructions for the first and second engine terms are also

    problematic to the extent that they may be understood as improperly introducing a requirement

    that the first and second engines include different software programs running on different


    There is no basis for introducing such a constraint into the 723 patent claims

    22 PAN is not requesting construction of the term third engine, presumably because a

    construction suggesting that engines must be physically separated could not apply to

    the second and third enginein claim 1, those engines are included on one integratedcircuit. However, PANs attempt to avoid this issue by construing only the first and

    second engines only creates an additional problem of inconsistency within the claims.

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 23 of 35 PageID #: 7332

  • 8/14/2019 JNPR Opening CC Brief



    through the engine terms. The claim drafters knew how to specify a difference requirement

    when they wanted one; in fact, claim 1 expressly requires that the second engine is different

    than the third engine. By contrast, claim 1 contains no such requirement as between the first

    and second engines, and thus there is no basis for adding one now. See Northeastern Univ., 2010

    WL 4511010, at *8 (improper to read distinct and separate requirement into claims [a]bsent

    support from the intrinsic record).23

    Requiring separate processors for multiple engines is also contrary to the 723 patent

    specification, which indicates that the invention may be performed on one programmable

    processor. 723 patent at 10:38-39. Tellingly, PANs expert Dr. Mitchell opined that, based on

    the understanding of engine in PANs construction, it would not be possible to perform the

    method of the invention on a single programmable processorthus confirming that PANs

    construction contradicts the specification. Ex. B (Mitchell Depo. Tr.) at 106:13 107:1. Dr.

    Mitchell also admitted that the 723 patent does not require separate software programs, as

    functionally distinct engines can be part of the same executable software file. Id.at 241:16

    242:3. Indeed, claim 1 illustrates that that engines need not be physically separate, describing

    multiple engines as included on a single integrated circuit.

    B. route a packet (723 patent)Term Juniper Proposal PAN Proposal

    route a packet No construction required. Alternatively, Juniperwould be willing to adopt send a packet(PANs

    original proposed construction) as a compromise, if

    the parties agree to further clarify that send doesnot exclude routing by reference or by pointer.

    send a packet from asource to its intended


    23 Compare claims 9 and 17, whichdoexpressly require a second engine that is differentthan the first engine. Such an express limitation would not be necessary if the terms

    first engine and second engine inherently included the concept of difference.

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 24 of 35 PageID #: 7333

  • 8/14/2019 JNPR Opening CC Brief


  • 8/14/2019 JNPR Opening CC Brief



    recites routing . . . a packet to a second engine, whereas dependent claim 13 further requires

    routing the packet to a destination.

    Figure 1 of the patent provides a further illustration. The router labeled 118 is

    connected to and capable of routing packets to destinations on the network such as a web

    server (110) or workstations (134). But no connection is shown between the router and the

    individual engines that are part of processing system 126, because the individual engines within

    one packet processing system are not discrete network destinations. Therefore, there must be

    some othermechanism available to route packets between engines.

    The 723 patent encompasses a number of methods for communication between the

    claimed engines. As described in the technical overview, one skilled in the computer arts would

    understand that a packet in memory may be passed in a system either by making a copy of the

    packet data in a new location, or by using a pointer to the memory location corresponding to

    the packet location. The 723 patent specification expressly contemplates this approach of using

    pointers to communicate packet data. For example, the 723 patent incorporates by reference the

    entirety of the 634 patent disclosure, including the following diagram:

    See723 patent at 1:11-12; 634 patent at Fig. 6. Similarly, an earlier patent application that is

    incorporated by reference into the 723 patent specification (723 patent at 2:66 3:3) provides

    extensive discussion of the use of pointers. See, e.g., Ex. D (U.S. Pat. App. No. 10/072,683) at

    33-40, Figs. 8, 9, 11.24

    24 Even PANs expert Dr. Mitchell concedes that [t]wo [software] processes on the same

    computer can use some forms of shared memory and that in such a case, some data . . .

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 26 of 35 PageID #: 7335

  • 8/14/2019 JNPR Opening CC Brief



    Contrary to the intrinsic record, PANs construction is misleading because the jury could

    interpret it to require the physical movement of a packet. For the reasons discussed above, this

    contradicts basic computer networking principles and the 723 patent. As a further example, the

    patent explains that to route the packets to processing engines is a form of communication

    between processing engines. 723 patent, 4:5-6 (communication between processing engines

    [as] discussed in greater detail below); 4:15-16 (route the packets to processing engines).

    One of ordinary skill in the art would understand that communicationdoes not require physical

    movement. In fact, PANs expert Dr. Mitchell testified that he was not sure that send was an

    appropriate way to characterize the communication of data packets within a computer. See Ex. B

    (Mitchell Depo. Tr.) at 16:16-22. PANs expert also identified a concrete example of routing

    without movement, namely, the use of a well-known networking mechanism called localhost,

    where one can route packets to oneself. Id. at 75:12-24. And the specification notes the

    possibility that the claimed engines between which routing takes place can be integrated on a

    single integrated circuit (IC). 723 patent at 10:15-17. Thus, adopting PANs construction

    would be inaccurate and misleading unless, per Junipers proposed compromise, the construction

    clarified that it does not exclude routing by reference or by pointer.

    C. a tag and associate a tag (723 patent)Term Juniper Proposal PAN Proposal

    a tag No construction required. a structure for holding data thatis sent along with a packet

    associate a tag No construction required.

    Alternatively, associate may be construed

    as: to connect or bring into relationship in

    any of various intangible ways

    form a connection with a tag

    could reside in shared memory and, therefore, be read by the second process from thesame shared memory location the first process wrote it intothat is, sending or routing

    the data via pointer. Ex. B (Mitchell Depo. Tr.) at 73:12 75:11.

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 27 of 35 PageID #: 7336

  • 8/14/2019 JNPR Opening CC Brief



    The terms a tag and associate a tag do not need construction. The term tag is

    consistently used in the 723 to refer to the data or information used to help process packets in

    the multiple processing engine system of the 723 patent. For example, the 723 patent explains

    that a tag can provide information that a particular packet was determined to be possibly part of

    an attack on the system. 723 patent at 7:62-64. A tag can also comprise such information as

    network layer 3 and layer 4 data, a context pointer . . . and a communication action flag. Id.at

    5:57-60. Additional types of information for a tag are also possible. Id.

    Because the information in a tag is to be used for processing a packet, the claims also

    provide that a tag needs to be associate[d] with the packet in some way. The word associate

    is used in its common English language sense; the patent does not provide any specialized

    definition or specify that association occur in any particular manner. Thus, it should be given its

    plain English language meaning, which is to connectorbring into relationship in any of various

    intangible ways. SeeEx. J (Merriam-Websters Collegiate Dictionary10th ed.) at 70 (to bring

    together or into relationship in any of various intangible ways); Ex. K (Websters College

    Dictionary2005 ed.) at 76 (bring into relation).

    Those of skill in the art would appreciate that there are a variety of ways to associate a

    tag with a packet, as reflected in the 723 patent specification. For example, the 723 patent

    incorporates into its specification an earlier application describing association through use of

    memory pointers. See 723 patent at 2:66 3:3; Ex. D (U.S. Pat. App. No. 10/072,683) at

    34:3-9 (this association [of packet flow and session] is done by a double pointer).

    Alternatively, the specification notes that a tag can be appended or prepended to the packet.

    723 patent at 2:60-61. PANs expert Dr. Mitchell has further observed that often the way that

    a tag or other annotation is associated with a data value is through some other data structure that

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 28 of 35 PageID #: 7337

  • 8/14/2019 JNPR Opening CC Brief



    contains both of them or links them in some way. Ex. B (Mitchell Depo. Tr.) at 228:7-10.

    Junipers construction encompasses all of these valid possibilities.

    By contrast, PANs proposed constructions confuse, rather than clarify, the meaning of

    associate a packet. As with several other claim terms, PANs construction is susceptible to

    being misinterpreted as imposing physical limitations inapplicable to the network security

    context of the 723 patent. See Ex. C (Mao Depo. Tr.) at 377:3-7

    For example, PANs

    proposal requires that a tag is sent along with a packet. The 723 patent does not use this

    language, and (as noted in the technical overview and in connection with other claim terms) the

    concept of sending is ill-suited to non-physical data structures such as packets and tags.

    Moreover, PANs position that tags must be sent along with packets is at odds with the

    patent specification, which presents two alternative scenarios: (1) tags and packets are

    communicated over separate paths, as illustrated in Figure 3a; or (2) [a]lternatively, packets and

    tags may be sent over a common path. 723 patent, 5:4-7, Fig. 3. Because the 723 patent

    contemplates that tags and packets may be sent over either different or common paths, it is

    incorrect torequirethat tags and packets be sent together. Because PANs construction excludes

    the embodiment where tags and packets are sent over different paths, it is improper. Oatey Co.

    v. IPS Corp., 514 F.3d 1271, 1276 (Fed. Cir. 2008) (We normally do not interpret claim terms

    in a way that excludes embodiments disclosed in the specification.).

    PANs constructions also present the risk of being misunderstood as requiring that the tag

    be physically appended to the packet itself. The intrinsic record rejects this notion. The 723

    patent specification clearly explains that [t]ags can be appended or prepended to the packet,

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 29 of 35 PageID #: 7338

  • 8/14/2019 JNPR Opening CC Brief



    but also can be communicated over separate paths. 723 patent at 2:60-61; Fig. 3. PAN

    overlooks this discretionary language to the extent it seeks to mandate a physical connection

    between the tag and packet. PANs construction is also inconsistent with the meaning of

    associated as reflected in the prosecution history. For example, claim 17 of the original patent

    application included the language creating a tag associated with the packet, while original

    dependent claim 22 added the limitation wherein creating a tag includes one of appending the

    tag to the packet or prepending the tag to the packet. Appendix Ex. 8 at JA-246 (5/14/10 Patent

    App.). According to the doctrine of claim differentiation, this connotes that the patentee did not

    consider appending or prepending to be an intrinsic part of associating, because those

    limitations were added by a dependent claim. Liebel-Flarsheim Co. v. Medrad, Inc., 358 F.3d

    898, 910 (Fed. Cir. 2004) (the presence of a dependent claim that adds a particular limitation

    raises a presumption that the limitation in question is not found in the independent claim).

    Finally, an additional problem with PANs proposed language, a structure for holding

    data, has recently arisen. It now appears based on expert discovery that PAN may be taking the

    position that a structure (a word that is not used in the 723 patent) does not include data


    That position is inconsistent with the specification, which (as shown above), considers

    the information included in a tag an essential part of the tag itself. Put simply, a tag includes

    information. See, e.g., 723 patent at 2:22-23. The 723 patent does not contemplate that a tag

    is independent of that information. This constitutes another reason why PANs construction

    25 As part of the meet-and-confer process, Juniper inquired whether PAN would accept the

    phrase a structure for holding data standing alone as an acceptable construction for

    tag, but PAN did not respond. After the parties submitted the Joint Claim ConstructionStatement, Juniper learned of PANs apparent position that a structure for holding data

    did not include the data itself. Because Juniper disagrees with that premise, it haswithdrawn its prior proposal to avoid a situation where construction might generate more

    confusion than it would resolve.

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 30 of 35 PageID #: 7339

  • 8/14/2019 JNPR Opening CC Brief



    should not be adopted, and the plain meaning of the straightforward term tag should govern.

    IX. U.S. PATENT NO. 7,779,459The 459 patent discusses security domains and the processing of both inter-zone and

    intra-zone packets, where inter-zonetraffic passes between distinct security domains and intra-

    zone traffic remains within a security domain. See 459 patent at 6:62-65; 10:42-59. For

    example, the 459 patent describes ways to bypass one or more types of security screening for

    intra-zone packets traveling within a distinct security domain, to increase processing efficiency.

    A. security screening (459 patent)Term Juniper Proposal PAN Proposal

    security screening No construction required.


    application of one or more security


    inspection to determine whether a

    packet should be dropped

    Although the term security screening does not require construction, Juniper has

    alternatively proposed a modified version of PANs earlier proposed construction (the

    construction that PANs experts use): application of one or more security policies.26

    Consistent with Junipers construction and aspects of PANs original construction, the

    specification of the 459 patent describes security screening as application of a security policy

    or policies. See, e.g., 459 patent at 7:19-21 (policies can be established for . . . screening

    packets as they traverse the security switch), 9:5-9 (after an appropriate policy is retrieved,

    then the packet is inspected . . . [which] can include screening); see also Fig. 3 (showing

    policies retrieved if a [p]acket [is] to be screened). The patent explains that screening can be

    based on one or more considerations, e.g., packets can be screened based on source,

    26 PAN originally proposed applying security policies to determine whether a packet

    should be forwarded but changed position after expert reports.

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 31 of 35 PageID #: 7340

  • 8/14/2019 JNPR Opening CC Brief



    destination, or both. 459 patent at 7:31-34. Similarly, dependent claim 2 discloses that

    performing the security screening may comprise enforcing at least one security constraint.

    By contrast, PANs proposed construction inspection to determine whether a packet

    should be droppeddoes not have similar support in the intrinsic record. The 459 patent does

    not equate screening with inspection, and in fact expressly distinguishes the concepts. Id.at

    7:20 (inspecting or otherwise screening), 9:8-9 (inspection can include screening).

    Moreover, the 459 patent never discloses or even suggests that security screening is

    equivalent to determin[ing] whether a packet should be dropped. Thus, PANs proposal is

    inconsistent with the 459 patent and should not be adopted.

    B. without performing the security screening (459 patent)Term Juniper Proposal PAN Proposal

    without performing

    the security screening

    No construction required.


    without applying the one or

    more security policies that areapplied to inter-zone traffic

    without performing inspection to

    determine whether a packet shouldbe dropped

    The issues presented for the term without performing the security screening are

    essentially the same as discussed above for security screening, with one important exception:

    PAN attempts an additional sleight of hand by deleting the definite article the from the claim

    term. This facially minor change significantly changes the meaning of the 459 patent claims.

    Claims must be construed with an eye toward giving effect to all terms in the claim.

    Bicon, Inc. v. Straumann Co., 441 F. 3d 945, 950 (Fed. Cir. 2006). In patent law, the word the

    has a particular, well-defined meaning: it signals that the term that follows is referring to

    something mentioned earlier in the claim (often referred to as its antecedent basis). See NTP,

    Inc. v. Research in Motion, Ltd., 418 F. 3d 1282, 1306 (Fed. Cir. 2005). Thus, in claim 1 of the

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 32 of 35 PageID #: 7341

  • 8/14/2019 JNPR Opening CC Brief



    459 patent, the term thesecurity screening refers to thesame security screening recited in

    the preceding elementthat is, the claimed security screening performed based on a []

    determination that the packet is to pass between the two distinct security domains.27

    PANs attempt to read the antecedent basis out of without thesecurity screening is not

    only inaccurate, but could engender significant confusion. Particularly when coupled with

    PANs (improper) proposal to define screening by reference to determin[ing] whether a

    packet should be dropped, the jury could be left with the erroneous impression that no packet

    can be dropped unless: (1) it is determined to be an inter-zone packet, and (2) an inspection is

    performed, based on that determination, which further determines that the packet must be

    dropped. Of course, a packet can be dropped for many other reasons. The 459 patent describes

    one example where a packet can be dropped if the MAC address is unknown. Id. at 3:60-61.

    The 459 patent also describes setting a period of time to attempt to locate an address for the

    packet and dropping the packet after the expiration of the predetermined amount of time. Id.at

    3:44-60. Furthermore, the 459 patent describes embodiments in which firewall protections

    are applied to both inter-zone and intra-zone traffic, such as TCP stateful inspection, syn-

    attack guard, and policy-based control. Id. at 4:48-52. These scenarios could likewise result

    in a packet being dropped.

    Only Junipers proposed construction (without applying the one or more security

    policies that are applied to inter-zone traffic) captures the meaning of the complete claim term

    without the security screening. It retains the key definite article the (the one or more

    security policies) and makes clear that the referenced security policies are those that the claim

    earlier indicated are applied based on the determination that a packet is an inter-zone packet.

    27 The patent uses the term inter-zone to refer to packets passed from one zone or security

    domain to another. See, e.g., 459 patentat 6:62-65.

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 33 of 35 PageID #: 7342

  • 8/14/2019 JNPR Opening CC Brief



    Thus, if the Court construes this claim term, it should adopt Junipers proposal.

    C. security domains (459 patent)Term Juniper Proposal PAN Proposal

    security domains security security domains [no response]

    Finally, the Court should exercise its power to correct a typographical error in the 459

    patent, where the claims recite security domains security instead of security domains. See,

    e.g., CBT Flint Partners, LLC v. Return Path, Inc., 654 F.3d 1353, 1358 (Fed. Cir. 2011) (It is

    well-settled law that, in a patent infringement suit, a district court may correct an obvious error in

    a patent claim.). PAN does not dispute Juniper's proposal and courts routinely correct such

    errors. See, e.g., Freedom Wireless, Inc. v. Alltel Corp., 2008 WL 4647270, at *13 (E.D. Tex.

    Oct. 17, 2008) (correcting causing a call is caused to be terminated by omitting is caused).

    X. CONCLUSIONFor the foregoing reasons, Juniper respectfully requests that its proposed constructions be



    Morgan ChuJonathan S. Kagan

    Lisa S. GlasserDavid McPhie

    Rebecca CliffordTalin Gordnia

    IRELL &MANELLA LLP1800 Avenue of the Stars, Suite 900

    Los Angeles, CA 90067-4276(310) 277-1010


    /s/ Jennifer YingJack B. Blumenfeld (#1014)Jennifer Ying (#5550)

    1201 North Market StreetP.O. Box 1347

    Wilmington, DE 19899-1347(302) 658-9200

    [email protected]

    [email protected]

    Attorneys for Plaintiff

    July 19, 20137376005

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 34 of 35 PageID #: 7343

  • 8/14/2019 JNPR Opening CC Brief



    I hereby certify that on August 21, 2013, I caused the foregoing to be

    electronically filed with the Clerk of the Court using CM/ECF, which will send notification of

    such filing to all registered participants.

    I further certify that I caused copies of the foregoing document to be served on

    August 21, 2013, upon the following in the manner indicated:

    Philip A. Rovner, EsquireJonathan A. Choa, Esquire

    POTTER ANDERSON &CORROON LLP1313 North Market Street

    Hercules PlazaWilmington, DE 19801

    Attorneys for Defendant


    Daralyn J. Durie, EsquireRagesh K. Tangri, Esquire

    Ryan M. Kent, EsquireBrian C. Howard, Esquire

    Sonali D. Maitra, EsquireDURIE TANGRI LLP

    217 Leidesdorff StreetSan Francisco, CA 94111

    Attorneys for Defendant


    Harold J. McElhinny, EsquireMichael A. Jacobs, Esquire

    Matthew A. Chivvis, EsquireMatthew I. Kreeger, Esquire

    MORRISON &FOERSTER LLP425 Market Street

    San Francisco, CA 94105Attorneys for Defendant


    /s/ Jennifer Ying

    Jennifer Ying (#5550)

    Case 1:11-cv-01258-SLR Document 181 Filed 08/21/13 Page 35 of 35 PageID #: 7344