Searching over 5,500,000 cases.


searching
Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

SRI International, Inc. v. Cisco Systems, Inc.

United States District Court, D. Delaware

May 25, 2017

SRI INTERNATIONAL, INC., Plaintiff,
v.
CISCO SYSTEMS, INC. Defendant.

          Thomas L. Halkowski, Esquire and Susan E. Morrison, Esquire of Fish & Richardson P.C., Wilmington, Delaware. Of Counsel: Frank Scherkenbach, Esquire, Joanna M. Fuller, Esquire, Philip W. Goter, Esquire, David M. Hoffman, Esquire, David Kuznick, Esquire, David S. Morris, Esquire, Howard G. Pollack, Esquire, and Michael Sobolev, Esquire of Fish & Richardson P.C. Counsel for Plaintiff.

          Jack B. Blumenfeld, Esquire and Michael J. Flynn, Esquire of Morris, Nichols, Arsht & Tunnell L.L.P., Wilmington, Delaware. Of Counsel: Adam R. Alper, Esquire, Oliver C. Bennett, Esquire, Steven Cherny, Esquire, Michael W. De Vries, Esquire, Sarah K. Tsou, Esquire, and Jason M. Wilcox, Esquire of Kirkland & Ellis, L.L.P. and William F. Lee, Esquire of Wilmer Cutler Pickering Hale and Dorr L.L.P. Counsel for Defendant.

          MEMORANDUM OPINION

          ROBINSON, SENIOR DISTRICT JUDGE.

         I. INTRODUCTION

         On September 4, 2013, plaintiff SRI International, Inc. ("SRI") filed suit against defendant Cisco Systems Inc. ("Cisco"), alleging infringement of U.S. Patent No. 6, 711, 615 ("the '615 patent") and 6, 484, 203 ("the '203 patent") (collectively, "the patents"). (D.I. 1) On December 18, 2013, Cisco answered the complaint and counterclaimed for non-infringement and invalidity. (D.I. 9) SRI answered the counterclaims on January 13, 2014. (D.I. 11) The court issued a claim construction order on May 14, 2015. (D.I. 138) In a memorandum opinion and order dated April 11, 2016, the court resolved several summary judgment motions. (D.I. 301; D.I. 302)

         The court held an eight-day jury trial from May 2-11, 2016 on infringement, validity, willfulness, and damages of claims 1, 2, 13, and 14 of the '615 patent and claims 1, 2, 12, and 13 of the '203 patent ("the asserted claims"). On May 12, 2016, the jury returned a verdict that Cisco intrusion protection system ("IPS") products, Cisco remote management services, Cisco IPS services, Sourcefire IPS products, and Sourcefire professional services directly and indirectly infringe the asserted claims of the '615 and '203 patents. (D.I. 337 at 1-4) The jury determined that the asserted claims are not invalid. (D.I. 337 at 6-7) As a consequence of this infringement, the jury awarded SRI a 3.5% reasonable royalty amounting to $8, 680, 000 for sales of Cisco products and services and $14, 980, 000 for sales of Cisco/Sourcefire products and services, for a total of $23, 660, 000. (D.I. 337 at 8) The jury also found that SRI had established, by clear and convincing evidence, that Cisco's infringement was willful. (D.I. 337 at 5)

         Presently before the court are the following motions: (1) Cisco's motion for judgment as a matter of law, new trial, and remittitur (D.I. 351); (2) SRI's motion for attorney fees (D.I. 349); and (3) Cisco's motion to supplement the record (D.I. 385). The court has jurisdiction pursuant to 28 U.S.C. §§ 1331 and 1338(a).

         II. BACKGROUND

         A. The Parties

         SRI is an independent, not-for-profit research institute incorporated under the laws of the State of California, with its principal place of business in Menlo Park, California. (D.I. 1 at ¶ 1) SRI conducts client-supported research and development for government agencies, commercial businesses, foundations, and other organizations. (Id. at ¶ 6) Among its many areas of research, SRI has engaged in research related to computer security and, more specifically, to large computer network intrusion detection systems and methods. (Id.) Cisco is a corporation organized and existing under the laws of the State of California, with its principal place of business in San Jose, California. (Id. at ¶ 2) Cisco provides various intrusion prevention and intrusion detection products and services. (Id. at ¶ 14)

         B. The Technology

         The patents relate to the monitoring and surveillance of computer networks for intrusion detection. In particular, the patents teach a computer-automated method of hierarchical event monitoring and analysis within an enterprise network that allows for real-time detection of intruders. Upon detecting any suspicious activity, the network monitors generate reports of such activity. The claims of the patents focus on methods and systems for deploying a hierarchy of network monitors that can generate and receive reports of suspicious network activity.

         The '615 patent (titled "Network Surveillance") is a continuation of the '203 patent (titled "Hierarchical Event Monitoring and Analysis"), and the patents share a common specification and priority date of November 9, 1998. (D.I 179 at 1) The asserted claims include independent claims 1 and 13 of the '615 patent, which claims read as follows:

1. A computer-automated method of hierarchical event monitoring and analysis within an enterprise network comprising:
deploying a plurality of network monitors in the enterprise network;
detecting, by the network monitors, suspicious network activity based
on analysis of network traffic data selected from one or more of the following categories: (network packet data transfer commands, network packet data transfer errors, network packet data volume, network connection requests, network connection denials, error codes included in a network packet, network connection acknowledgements, and network packets indicative of well-known network-service protocols};
generating, by the monitors, reports of said suspicious activity; and
automatically receiving and integrating the reports of suspicious activity, by one or more hierarchical monitors.

('615 patent, 15:1-21)

13. An enterprise network monitoring system comprising:
a plurality of network monitors deployed within an enterprise network,
said plurality of network monitors detecting suspicious network activity based on analysis of network traffic data selected from one or more of the following categories: (network packet data transfer commands, network packet data transfer errors, network packet data volume, network connection requests, network connection denials, error codes included in a network packet, network connection acknowledgements, and network packets indicative of well-known network-service protocols};
said network monitors generating reports of said suspicious activity; and
one or more hierarchical monitors in the enterprise network, the hierarchical monitors adapted to automatically receive and integrate the reports of suspicious activity.

('615 patent, 15:56-16:6)

         III. STANDARD OF REVIEW

         A. Renewed Motion for Judgment as a Matter of Law

         The Federal Circuit "review[s] a district court's denial of judgment as a matter of law under the law of the regional circuit. WBIP, LLC v. Kohler Co., 829 F.3d 1317, 1325 (Fed. Cir. 2016) (citation omitted). In the Third Circuit, a "court may grant a judgment as a matter of law contrary to the verdict only if 'the record is critically deficient of the minimum quantum of evidence' to sustain the verdict." Acumed LLC v. Advanced Surgical Servs., Inc., 561 F.3d 199, 211 (3d Cir. 2009) (citing Gomez v. Allegheny Health Servs., Inc., 71 F.3d 1079, 1083 (3d Cir. 1995)); see also McKenna v. City of Philadelphia, 649 F.3d 171, 176 (3d Cir. 2011). The court should grant judgment as a matter of law "sparingly" and "only if, viewing the evidence in the light most favorable to the nonmovant and giving it the advantage of every fair and reasonable inference, there is insufficient evidence from which a jury reasonably could find liability." Marra v. Philadelphia Hous. Auth., 497 F.3d 286, 300 (3d Cir. 2007) (citing Moyer v. United Dominion Indus., Inc., 473 F.3d 532, 545 n.8 (3d Cir. 2007)). "In performing this narrow inquiry, [the court] must refrain from weighing the evidence, determining the credibility of witnesses, or substituting [its] own version of the facts for that of the jury. Id. (citing Lightning Lube, Inc. v. Witco Corp., 4 F.3d 1153, 1166 (3d Cir. 1993)). Judgment as a matter of law may be appropriate when there is "a purely legal basis" for reversal "that does not depend on rejecting the jury's findings on the evidence at trial." Acumed, 561 F.3dat211.

         B. Motion for a New Trial

         Federal Rule of Civil Procedure 59(a) provides, in pertinent part:

A new trial may be granted to all or any of the parties and on all or part of the issues in an action in which there has been a trial by jury, for any of the reasons for which new trials have heretofore been granted in actions at law in the courts of the United States.

Fed. R. Civ. P. 59(a). The decision to grant or deny a new trial is within the sound discretion of the trial court and, unlike the standard for determining judgment as a matter of law, the court need not view the evidence in the light most favorable to the verdict winner. See Allied Chem. Corp. v. Daiflon, Inc., 449 U.S. 33, 36 (1980); Leonard v. Stemtech Int'l Inc., 834 F.3d 376, 386 (3d Cir. 2016) (citing Olefins Trading, Inc. v. Han Yang Chem. Corp., 9 F.3d 282 (3d Cir. 1993)); Life Scan Inc. v. Home Diagnostics, Inc., 103 F.Supp.2d 345, 350 (D. Del. 2000) (citations omitted); see also 9A Wright & Miller, Federal Practice and Procedure § 2531 (2d ed. 1994) ("On a motion for new trial the court may consider the credibility of witnesses and the weight of the evidence."). Among the most common reasons for granting a new trial are: (1) the jury's verdict is against the clear weight of the evidence, and a new trial must be granted to prevent a miscarriage of justice; (2) newly-discovered evidence exists that would likely alter the outcome of the trial; (3) improper conduct by an attorney or the court unfairly influenced the verdict; or (4) the jury's verdict was facially inconsistent. See Zarow-Smith v. N.J. Transit Rail Operations, 953 F.Supp. 581, 584-85 (D.N.J. 1997) (citations omitted). The court must proceed cautiously, mindful that it should not simply substitute its own judgment of the facts and the credibility of the witnesses for those of the jury. Rather, the court should grant a new trial "only when the great weight of the evidence cuts against the verdict and a miscarriage of justice would result if the verdict were to stand." Leonard, 834 F.3d at 386 (citing Springer v. Henry, 435 F.3d 268, 274 (3d Cir. 2006) and Williamson v. Consol. Rail Corp., 926 F.2d 1344, 1352-53 (3d Cir. 1991)) (internal quotation marks omitted).

         C. Attorney Fees

         Section 285 provides, in its entirety, "[t]he court in exceptional cases may award reasonable attorney fees to the prevailing party." 35 U.S.C. § 285. "When deciding whether to award attorney fees under § 285, a district court engages in a two-step inquiry." MarcTec, LLC v. Johnson & Johnson, 664 F.3d 907, 915 (Fed. Cir. 2012). The court first determines whether the case is exceptional and, if so, whether an award of attorney fees is justified. Id. at 915-16 (citations omitted). The Supreme Court has defined "an 'exceptional' case [as] simply one that stands out from others with respect to the substantive strength of a party's litigating position (considering both the governing law and the facts of the case) or the unreasonable manner in which the case was litigated." Octane Fitness LLC v. Icon Health & Fitness, Inc., ___U.S.___, 134 S.Ct. 1749, 1756(2014).

         District courts should consider the "totality of the circumstances" and use their discretion to determine on a case-by-case basis whether a case is "exceptional." Id. "[A] 'nonexclusive' list of'factors, ' [to consider] includ[es] 'frivolousness, motivation, objective unreasonableness (both in the factual and legal components of the case) and the need in particular circumstances to advance considerations of compensation and deterrence.'" Id. at n.6. Cases which may merit an award of attorney fees include "the rare case in which a party's unreasonable conduct-while not necessarily independently sanctionable-is nonetheless so 'exceptional' as to justify an award of fees" or "a case presenting either subjective bad faith or exceptionally meritless claims." Id. at 1757. A party seeking attorney fees under § 285 must prove the merits of their contentions by a preponderance of the evidence. Id. at 1758.

         IV. DISCUSSION

         A. Cisco's Renewed JMOL - Liability

         Cisco renews its motion for judgment as a matter of law as to infringement, arguing that "[t]he record lacks substantial evidence to support the jury's verdict of direct infringement, inducement, and contributory infringement." (D.I. 352 at 1)

         1. Standard

         a. Direct Infringement

         A patent is infringed when a person "without authority makes, uses or sells any patented invention, within the United States . . . during the term of the patent." 35 U.S.C. § 271(a). To prove direct infringement, the patentee must establish that one or more claims of the patent read on the accused device literally or under the doctrine of equivalents. Advanced Cardiovascular Sys., Inc. v. Scimed Life Sys., Inc., 261 F.3d 1329, 1336 (Fed. Cir. 2001). A two-step analysis is employed in making an infringement determination. Markman v. Westview Instruments, Inc., 52 F.3d 967, 976 (Fed. Cir. 1995), aff'd, 517 U.S. 370 (1996). First, the court must construe the asserted claims to ascertain their meaning and scope, a question of law. Id. at 976-77; see also Teva Pharms. USA, Inc. v. Sandoz, Inc., ___U.S.___, 135 S.Ct. 831, 837 (2015). The trier of fact must then compare the properly construed claims with the accused infringing product. See Markman, 52 F.3d at 976. This second step is a question of fact. Spectrum Pharm., Inc. v. Sandoz Inc., 802 F.3d 1326, 1337 (Fed. Cir. 2015) (citing Bai v. L&L Wings, Inc., 160 F.3d 1350, 1353 (Fed. Cir. 1998)).

         "Direct infringement requires a party to perform each and every step or element of a claimed method or product." Exergen Corp. v. Wal-Mart Stores, Inc., 575 F.3d 1312, 1320 (Fed. Cir. 2009) (quoting BMC Res., Inc. v. Paymentech, LP., 498 F.3d 1373, 1378 (Fed. Cir. 2007)). "If any claim limitation is absent. . ., there is no literal infringement as a matter of law." Bayer AG v. Elan Pharm. Research Corp., 212 F.3d 1241, 1247 (Fed. Cir. 2000). If an accused product does not infringe an independent claim, it also does not infringe any claim depending thereon. Ferring B.V. v. Watson Labs., Inc.-Florida, 764 F.3d 1401, 1411 (Fed. Cir. 2014) (citing Wahpeton Canvas Co., Inc. v. Frontier, Inc., 870 F.2d 1546, 1552 (Fed. Cir. 1989) ("One who does not infringe an independent claim cannot infringe a claim dependent on (and thus containing all the limitations of) that claim.")). However, "[o]ne may infringe an independent claim and not infringe a claim dependent on that claim." Monsanto Co. v. Syngenta Seeds, Inc., 503 F.3d 1352, 1359 (Fed. Cir. 2007) (quoting Wahpeton Canvas, 870 F.2d at 1552) (internal quotations omitted). The patent owner has the burden of proving literal infringement by a preponderance of the evidence. Octane Fitness, 134 S.Ct. at 1758.

         b. Indirect Infringement

         To establish indirect infringement, a patent owner has available two theories: active inducement of infringement and contributory infringement. 35 U.S.C. § 271(b) & (c). Liability for indirect infringement may arise "if, but only if, [there is] . . . direct infringement." Limelight Networks, Inc. v. Akamai Technologies, Inc., ___U.S.___, 134 S.Ct. 2111, 2117 (2014) (citing Aro Mfg. Co. v. Convertible Top Replacement Co., 365 U.S. 336, 341 (1961) (emphasis omitted)). The patent owner has the burden of proving infringement by a preponderance of the evidence. Octane Fitness, 134 S.Ct. at 1758.

         Under 35 U.S.C. § 271(b), "whoever actively induces infringement of a patent shall be liable as an infringer." "To prove induced infringement, the patentee must show direct infringement, and that the alleged infringer knowingly induced infringement and possessed specific intent to encourage another's infringement." Toshiba Corp. v. Imation Corp., 681 F.3d 1358, 1363 (Fed. Cir. 2012) (quoting i4i Ltd. P'ship. v. Microsoft Corp., 598 F.3d 831, 851 (Fed. Cir. 2010)) (internal quotation marks omitted). "[I]nduced infringement under § 271(b) requires knowledge that the induced acts constitute patent infringement." Global-Tech Appliances, Inc. v. SEB S.A., 563 U.S. 754, 766 (2011). The knowledge requirement can be met by a showing of either actual knowledge or willful blindness. See Id. "[A] willfully blind defendant is one who takes deliberate actions to avoid confirming a high probability of wrongdoing and who can almost be said to have actually known the critical facts." Id. at 769 (citation omitted). "[I]nducement requires evidence of culpable conduct, directed to encouraging another's infringement, not merely that the inducer had knowledge of the direct infringer's activities." DSU Medical Corp. v. JMS Co., Ltd., 471 F.3d 1293, 1306 (Fed. Cir. 2006) (en banc in relevant part) (citations omitted).

         To establish contributory infringement, the patent owner must demonstrate the following: (1) an offer to sell, a sale, or an import into the United States; (2) a component or material for use in a patented process constituting a material part of the invention; (3) knowledge by the defendant that the component is especially made or especially adapted for use in an infringement of such patents; and (4) the component is not a staple or article suitable for substantial non-infringing use. Fujitsu Ltd. v. Netgear Inc., 620 F.3d 1321, 1326 (Fed. Cir. 2010) (citing 35 U.S.C. § 271(c)). Defendant "must know 'that the combination for which his component was especially designed was both patented and infringing.'" Global-Tech, 563 U.S. at 763 (citing Aro Mfg., 377 U.S. at 488).

         2. Sourcefire IPS products and services

         a. Direct infringement- "automatically receiving and integrating the reports of suspicious activity"

         The jury found that the accused Sourcefire IPS products directly infringe the asserted claims. (D.I. 337 at 2) Cisco argues that no reasonable jury could have found that the Sourcefire IPS products "integrate reports of suspicious activity"[1] as required by the asserted claims. (D.I. 352 at 3) Cisco contends that, "[u]nder the court's claim construction, " the claims require "integrating reports of multiple events, not merely evaluating a report of a single event."[2] (D.I. 352 at 3) SRI does not dispute the "multiple event" limitation and argues that substantial evidence supports the jury's finding of infringement. (D.I. 370 at 2)

         i. SRI's evidence

         SRI's expert, Wenke Lee, PhD ("Dr. Lee"), referenced an internal Sourcefire document entitled "Compliance Rule Overview" and opined that the Sourcefire IPS products integrate reports of suspicious activity using rule nesting. (D.I. 396 at 959:22-961:9) For example, the referenced document states that:

For each kind of event, the rule can be constrained by related conditions. . . .Different conditions for a compliance rule can be combined with an AND or OR operator. One or more conditions can also be subordinated to another condition, also combined with an AND or OR operator. All this together allows complex rules to be built.

(PTX 787 at 7) Dr. Lee explained that "these compliance rules can work together to achieve the result of correlation. ... the firing of one compliance rule can become a condition into another compliance rule." (D.I. 396 at 960:24-961:2; PTX 787 at 7) Dr. Lee opined that "with this nesting ability, . . . [one can] write very complex logic to implement very comprehensive correlation analysis." (D.I. 396 at 961:2-5; PTX 787 at 7) Referencing the Sourcefire 3D System User Guide, Dr. Lee explained that the product literature teaches users and deploying organizations how to combine rules. (D.I. 396 at 961:10-962:6; DTX 840 at 1228)

         In his rebuttal testimony, Dr. Lee repeated that rule nesting works by creating a new rule that includes "the condition [] that another rule has to already be satisfied." (D.I. 399 at 1793:17-18) He explained that rule nesting enables combination of multiple events because rule nesting "means that you combine ... the events described by these two rules" into a single event. (D.I. 399 at 1793:18-23) Dr. Lee showed where, in the Sourcefire source code, rule nesting happens. (D.I. 399 at 1797:1-21)

         Dr. Lee explained that his infringement opinion was based, in part, on an independent test of Sourcefire's IPS products by NSS Labs. (D.I. 396 at 963:22-964:17; PTX 707 at 5, 20-21) Martin Roesch ("Roesch"), Sourcefire's founder and now Cisco's vice president and chief security architect, testified that NSS Labs is a well-known "third-party testing service" that does "functional analysis of things like intrusion prevention systems, firewalls, advanced malware protection systems and things like that." (D.I. 398 at 1477:19-1478:5) The NSS Labs report states that the Sourcefire IPS products "provide the means to infer connections between multiple alerts and group them together as incidents automatically." (PTX 707 at 17) Dr. Lee opined that this means that the "correlation engine" within the accused Sourcefire products can "infer connections between multiple alerts." (D.I. 396 at 964:12-13; 964:22-965:7)

         SRI presented deposition testimony from end users such as Kurt Truxal ("Truxal"), manager of global security at TransUnion, a Sourcefire and Cisco user. When asked "what a correlation rule does, " Truxal said that "[i]t allows you to correlate multiple events and call it a specific singular event." (D.I. 395 at 799:7-8; PTX 774) Truxal verified that TransUnion uses Sourcefire products to "combine and nest conditions." (D.I. 395 at 800:3-4) TransUnion, Truxal explained, also generates correlation events which are used to take "multiple events that happen in a sequence and rout[e] them together to create one unique individual event... [so that] they add up to something that could be more interesting." (D.I. 395 at 807:21-808:4)

         ii. Cisco's evidence

         Cisco's expert, Paul C. Clark, PhD ("Dr. Clark"), explained the operation of the "compliance engine feature" of the Sourcefire Defense Center product. (D.I. 398 at 1574:25-1575:1) Dr. Clark opined that the "compliance engine feature" processes events from sensors serially, "[a]s you'll see here, we're going to take the next event and match it with the policy just like we did the first event, and then we're going to fire one or more rules. But firing one or more rules is not combining multiple events." (D.I. 398 at 1575:24-1576:3; PTX 787 at 7; See also D.I. 398 at 1600:8-13) Dr. Clark explained that, in rule nesting, a base event is "going to be processed the same way [as rules in series], [by] tak[ing] it across, correlat[ing] with a rule one in the policy, trigger[ing] that rule, and then mov[ing] it along. And now you correlate it with Rule 2, same event, and just fire a second rule." (D.I. 398 at 1577:11-14; PTX 787 at 7, 21) Cisco elicited cross examination testimony from Dr. Lee in which he agreed that the accused Sourcefire IPS products process rules "one event at a time."[3] (D.I. 399 at 1841:20-21)

         iii. Analysis

         The jury was asked to consider whether SRI presented a preponderance of evidence to demonstrate that Cisco's Sourcefire IPS products directly infringed the asserted claims, either literally or under the doctrine of equivalents. (D.I. 336 at 23-25) Cisco argues that no reasonable jury could find infringement of the "automatically receiving and integrating the reports of suspicious activity" limitation found in the asserted claims, either literally or under the doctrine of equivalents.[4] (D.I. 352 at 6) Cisco contends that Dr. Lee's testimony under cross examination leads to the conclusion that "the claims undisputedly require[] integrating reports of multiple events, not merely evaluating a report of a single event."[5] (D.I. 352 at 3, citing D.I. 396 at 1082:20-1083:5)

         The court instructed the jury that "automatically receiving and integrating the reports of suspicious activity" means "[w]ithout user intervention, receiving reports of suspicious activity and combining those reports into a different end product; i.e., something more than simply collecting and reiterating data." (D.I. 336 at 21) Dr. Lee opined that correlation rules, combined with rule nesting, receive reports of suspicious activity and combine those reports into a different product. (D.I. 396 at 960:24-961:2; PTX 787 at 7; DTX 840 at 1228) Truxal expressed a similar opinion. (D.I. 395 at 807:21-808:4) Dr. Clark opined that this was not possible, because the Sourcefire products process events serially. (D.I. 398 at 1577:11-14; PTX 787 at 7, 21)

         On the record at bar, SRI's expert provided more than conclusory testimony in order to explain his conclusions to the jury. SRI also presented a fact witness to corroborate SRI's expert. The jury credited such testimony over that of Cisco's expert. The court declines to re-weigh the evidence or the credibility of the witnesses. Viewing the record in the light most favorable to SRI, substantial evidence supports the jury's verdict. For these reasons, Cisco's renewed motion for JMOL is denied.

         b. Indirect infringement- induced infringement

         The jury found that Cisco induced infringement of the asserted claims by Sourcefire IPS products and services. (D.I. 337 at 4) Cisco argues that no reasonable jury could have found that Cisco induced infringement of the Sourcefire IPS products and services. (D.I. 352 at 13) Cisco contends that SRI failed to demonstrate direct infringement, either through customers Home Depot and TransUnion or through survey results. (Id.) Cisco asserts that a jury could not have concluded the teaching or encouragement factor because "SRI failed to present substantial evidence that Cisco actively encouraged its customers to enable or use any allegedly infringing nested rules." (Id. at 14) Cisco argues that, SRI did not provide evidence that "Cisco 'knew the acts' of its customers 'were infringing.'" (Id.) SRI responds that it "presented extensive evidence that Cisco induced infringing deployment and use of the Sourcefire IPS Products and Services by its customers." (D.I. 370 at 12)

         i. SRI's evidence

         SRI presented evidence of direct infringement by the accused Sourcefire IPS products as discussed above. For example, when asked "what a correlation rule does, " TransUnion's Truxal said that "[i]t allows you to correlate multiple events and call it a specific singular event." (D.I. 395 at 799:7-8; PTX 774) Truxal verified that TransUnion uses the accused Sourcefire products to "combine and nest conditions." (D.I. 395 at 800:3-4) TransUnion, Truxal explained, also generates correlation events which are used to take "multiple events that happen in a sequence and rout[e] them together to create one unique individual event... [so that] they add up to something that could be more interesting." (D.I. 395 at 807:21-808:4)

         SRI presented circumstantial evidence of direct infringement in the form of the NSS Labs report. (PTX 707 at 5, 17, 20-21) Dr. Lee's aforementioned analysis of Cisco source code was also directed at the question of direct infringement by Sourcefire IPS products. (D.I. 399 at 1793:17-23, 1797:1-21) SRI's survey expert, Ken Van Liere, PhD ("Dr. Van Liere"), presented the results of a survey of Cisco customers and opined that, based upon the survey results, "78 percent of the people who have one [Sourcefire product] in their U.S. network said that [the correlation compliance engine] feature was enabled." (D.I. 395 at 728:20-729:2) Table 10 of the survey results show that 78% of Sourcefire users selected "Correlation/Compliance Engine" in response to the question: "which of the following, if any, are enabled in one or more of the Sourcefire Products that are currently installed within your organization's United States network?" (PTX 1093 at table 10)

         Dr. Lee opined that "using the correlation feature" in the Sourcefire IPS products is "one of the best practices recommended [by Cisco] to customers." (D.I. 396 at 977:1-6) In reference to various Cisco user guides, Dr. Lee testified that these user guides teach Sourcefire customers why, and how, to use correlation rules. (Id. at 978:1-8; PTX 787 at 7 (Compliance Rule Overview); PTX 784 at 62 (Best Practices Guide); DTX 840 at 1228 (Sourcefire 3D System User Guide); PTX 151 at 39-7 (FireSIGHT System User Guide))

         SRI elicited testimony, on cross examination, from Cisco's Roesch that he did not analyze infringement or read the patents until his deposition in the fall of 2015, which was two years after the filing of the present suit. (D.I. 398 at 1478:17-1479:13) Roesch opined that "[w]hen there are deeply technical issues on the table and there has been a legal application of understanding to those deep technical issues, " his general attitude is that Cisco has not infringed a patent, because people who are bringing suits do not understand the technology. (Id. at 1481:22-1482:2) Roesch also testified that his initial impression about the case at bar was that SRI "[d]idn't understand our technology." (Id. at 1482:10-13) SRI's former vice president of legal and business affairs and general counsel, Richard Abramson ("Abramson"), testified in a deposition that during licensing discussions (before the case at bar had been filed) Cisco had presented noninfringement contentions that SRI had rebutted. (D.I. 397 at 1233:15-22)

         ii. Cisco's evidence

         Cisco points to various aspects of SRI's evidence that it contends are a failure of proof of direct infringement. For example, SRI deposed Jeffrey Lee Mitchell ("Mitchell"), who is the director of IT security at Home Depot. When asked whether Home Depot uses correlation rules in the company's "defense center, " Mitchell testified "I don't think so ... . Because our correlation that we would begin within SOC is not done with the management console. It's done with correlation rules within Splunk." (D.I. 395 at 681:10-17) Mitchell repeated "I don't know if [the correlation rules are] enabled on the defense center. I do know that we are not using it in the SOC for correlation." (D.I. 395 at 682:9-11) Cisco asserts that Mitchell's testimony means that "Home Depot does not use the accused correlation engine and leaves it disabled." (D.I. 352 at 13) Cisco argues that "TransUnion uses the correlation engine but not the nested rules feature." (Id.) In support, Cisco points to Truxal's testimony that TransUnion does not have the defense center configured to "generate reports based on correlated events." (D.I. 395 at 808:5-13) With respect to Dr. Van Liere's survey, Cisco avers that the "survey failed to include any questions about the customers' use of the accused nested rules feature." (D.I. 352 at 13-14, citing PTX 1093 at table 10)

         Cisco argues that "SRI failed to present substantial evidence that Cisco actively encouraged its customers to enable or use any allegedly infringing nested rules." (D.I. 352 at 14) For example, Dr. Lee testified that one of the ways Cisco encouraged its customers to infringe was by providing customer support for Sourcefire. (D.I. 396 at 980:6-981:5 (referencing deposition testimony by Cisco employee, Steven Alan Sturges ("Sturges") at D.I. 395 at 759:8-770:2)) Cisco contends that this failure of proof is supported by Dr. Clark's testimony that "the compliance engine is the accused feature in the Defense Center" but that the defense center does "[l]ots of other things."[6] (D.I. 398 at 1571:3-16) Cisco notes that three of the user guides presented by SRI do not mention Sourcefire's correlation engine or the accused nested rules feature. (D.I. 352 at 14) With respect to the user guides that teach rule nesting, Cisco avers that the teaching is limited to a single statement that "You can nest rules." (D.I. 352 at 14; See also DTX 840 at 1228, PTX 151 at 39-7). Cisco notes that the relevant Sourcefire User Guide (DTX 840) is dated July 2011, which it argues is "more than a year" before May 2012, when STI sent a letter informing Cisco of the infringement allegations.[7] (D.I. 352 at 14; D.I. 398 at 1247:15-20) Moreover, Cisco contends that the trial transcript demonstrates that SRI "attempted] to establish induced infringement without addressing the reasonableness of Cisco's non-infringement defenses."[8] (D.I. 352 at 14-15, citing D.I. 400 at 1952:6-1957:15) In its closing argument, Cisco made the following statement:

Indirect infringement. They're right. Dr. Clark said, our products don't infringe. If they don't infringe, then no one else who uses them can infringe. But we also didn't have the intent. They did not show[9] you what Abramson, who was their former general counsel, admitted at deposition: Do you know if Cisco presented any noninfringement positions in those license licensing discussions? At some point they did make some argument as to why they felt they didn't infringe. That shows you we felt we didn't infringe. That does not add up to that we knowingly told people to do things knowing that it would infringe. I don't know why they didn't tell you that. It's their guy. I think you're not going to be terribly surprised, but I really want you to say no to this one, too.

(D.I. 400 at 1988:21-1989:10)

         iii. Analysis

         The jury was asked to consider whether SRI presented a preponderance of evidence to demonstrate that Cisco's induced infringement of the asserted claims by Sourcefire IPS products. (D.I. 336 at 26) The court instructed the jury that SRI bore the burden to prove:

1. Defendant took some action intending to encourage or instruct its customers to perform acts that you, the jury, find would directly infringe an asserted claim;
2. Defendant was aware of the asserted patents at the time of the alleged conduct and knew that its customer's acts (if taken) would constitute infringement of an asserted patent, or the defendant believed there was a high probability that the acts (if taken) would constitute infringement of an asserted patent but deliberately avoided confirming that belief; and
3. Use by others of the defendant's products or services infringes one or more of the asserted claims.

(Id.) As to the first factor, SRI presented evidence that Cisco's user guides and marketing materials teach rule nesting and how to use the correlation engine. (D.I. 370 at 13) Cisco argues that these materials are insufficient to demonstrate that Cisco encouraged or instructed its customers to enable or use rule nesting or the correlation engine.[10] (D.I. 352 at 14) Cisco argues that the "Best Practices Guide" (PTX 784) predates May 2012 (when SRI informed Cisco of its infringement contentions) and cannot form a basis for inducement, because Cisco could not have had knowledge of the potential infringement when it made the statement.[11] However, even if Cisco had made this argument to the jury (which the record shows it did not), Cisco did not address (either in its briefs or to the jury) the timeliness of the other evidence presented by SRI. The jury was presented with sufficient evidence to determine whether Cisco took some action to encourage or instruct its customers to use the Sourcefire IPS products in an infringing manner.

         With respect to the intent factor, for the relevant time period, SRI presented evidence that Cisco knew about the patents and SRI's belief that Cisco infringed the patents. SRI also presented evidence that Cisco's Roesch did not read the patents until his deposition (a period of nearly two years after filing suit) and James Kasper ("Kasper"), a software engineering technical leader at Cisco, was not asked to investigate the possibility of infringement. (D.I. 398 at 1479:9-13; D.I. 400 at 1953:10-1957:15) Cisco argues that its denial of infringement during "[t]he parties' pre-suit discussions confirm[s] Cisco's reasonable belief in non-infringement."[12] (D.I. 352 at 15) The parties presented sufficient evidence for a jury to conclude that either Cisco knew that its customers' acts (if taken) would constitute infringement of the asserted claims or Cisco believed there was a high probability that its customers' acts (if taken) would constitute infringement of an asserted claim but that Cisco deliberately avoided confirming that belief.

         On the third factor, direct infringement, SRI presented evidence of infringement through Cisco customers at Home Depot and TransUnion. Cisco argues that these customers cannot directly infringe the asserted claims, because they do not use the relevant aspects (rule nesting and compliance engine) of the accused Sourcefire IPS products.[13] SRI presented additional evidence of infringement through Dr. Van Here's survey, including table 10, which (according to Dr. Van Liere) supports the conclusion that 78% of Sourcefire IPS customers use the "Correlation/Compliance Engine" feature. (PTX 1093 at table 10) Cisco argues that the survey does not address the rule nesting feature. (D.I. 352 at 13-14) SRI argued to the jury that rule nesting is implicit to the correlation engine. (See, e.g., D.I. 400 at 1947:10-1948:22) Cisco appears to argue that rule nesting and the correlation engine are two separate features that must both be separately shown in order to demonstrate direct infringement.[14] (D.I. 352 at 13-16) Sufficient evidence was presented to enable the jury to decide whether Cisco's customers directly infringe the asserted claims by using the Sourcefire IPS products.

         On the record at bar, SRI presented more than conclusory evidence of inducement to the jury. The jury credited the testimony of SRI's witnesses and exhibits over that of Cisco. The court declines to re-weigh the evidence or the credibility of the witnesses. Viewing the record in the light most favorable to SRI, substantial evidence supports the jury's verdict that Cisco induced infringement of the asserted claims by its customers using Sourcefire IPS products. For these reasons, Cisco's renewed motion for JMOL is denied.

         3. Cisco IPS products

         Cisco argues that the asserted claims contain the "hierarchical monitor" limitation and that no reasonable jury could have found that the accused Cisco IPS products satisfy this claim limitation. (D.I. 352 at 7) Cisco avers that "[d]espite the express claim requirement of multiple (i.e., at least two) monitors in a hierarchy, SRI nevertheless based its infringement theory on the features inside a single Cisco IPS product as being both the lower-level monitors and the hierarchical monitor required by the claims." (Id.)

         At summary judgment, Cisco presented a similar argument "that the SensorApp processing thread cannot simultaneously be both the alleged 'network monitor and 'hierarchical monitor' under the claims because they are not 'separate and distinct structures.'" (D.I. 301 at 32) The court denied summary judgment of noninfringement and clarified that "[t]he claim language and the parties' constructions do not require that the 'network monitor' and 'hierarchical monitor' be separate structures." (Id.) The court found genuine issues of material fact as to "whether the Meta Event generator meets the ['hierarchical monitor'] claim limitation." (Id.)

         Cisco makes two arguments in support of its motion for JMOL: (1) a single Cisco IPS product cannot satisfy the "plurality of network monitors"[15] limitation;[16] and (2) Dr. Lee's testimony cannot support a jury finding of infringement of the "hierarchical monitor"[17] limitation. (D.I. 352 at 7-8)

         a. Reconsideration

         A motion for reconsideration is the "functional equivalent" of a motion to alter or amend judgment under Federal Rule of Civil Procedure 59(e). See Jones v. Pittsburgh Nat'l Corp., 899 F.2d 1350, 1352 (3d Cir. 1990) (citing Fed. Kemper Ins. Co. v. Rauscher, 807 F.2d 345, 348 (3d Cir. 1986)). The standard for obtaining relief under Rule 59(e) is difficult to meet. The purpose of a motion for reconsideration is to "correct manifest errors of law or fact or to present newly discovered evidence." Max's Seafood Cafe ex rel. Lou-Ann, Inc. v. Quinteros, 176 F.3d 669, 677 (3d Cir. 1999). A court should exercise its discretion to alter or amend its judgment only if the movant demonstrates one of the following: (1) a change in the controlling law; (2) a need to correct a clear error of law or fact or to prevent manifest injustice; or (3) availability of new evidence not available when the judgment was granted. See Id. A motion for reconsideration is not properly grounded on a request that a court rethink a decision already made and may not be used "as a means to argue new facts or issues that inexcusably were not presented to the court in the matter previously decided." Brambles USA, Inc. v. Blocker, 735 F.Supp. 1239, 1240 (D. Del. 1990); see also Glendon Energy Co. v. Borough of Glendon, 836 F.Supp. 1109, 1122 (E.D. Pa. 1993).

         In support of its request for reconsideration of the denial of summary judgment of noninfringement, Cisco presents attorney argument related to the "plurality of monitors" limitations, but these are the same arguments Cisco made at summary judgment, and Cisco has not presented additional facts or law to support its noninfringement position.[18](D.I. 352 at 7-8; See also D.I. 301 at 32) Therefore, the court denies Cisco's request for reconsideration.

         b. Direct infringement-"hierarchical monitor"

         Cisco argues that "SRI failed to prove that Cisco's IPS Products satisfy the claim requirement of a 'hierarchical monitor' that integrates reports from two or more lower-level monitors, " alleging that "Dr. Lee [] changed his infringement theory" during the trial. (D.I. 352 at 8) SRI agrees that "Dr. Lee misstated . . . which box drawn in a marketing diagram represented the meta event generator, " but argues that the location of the meta event generator is not important and that the meta event engine (or generator) corresponds to the "hierarchical monitor" in the claims. (D.I. 370 at 7)

         i. SRI's evidence

         Dr. Lee opined that the meta event engine (or meta event generator) meets the claim limitation of a "hierarchical monitor, " because it receives events "from the lower level sensor app processing thread network monitors" and is "logically separate from the other inspection engines . . . that are in the sensor app threads." (D.I. 396 at 888:6-15; D.I. 397 at 1189:5-12) Dr. Lee discussed source code, which explains that the meta engine "allows for definitions of 'META events' that in effect correlate events automatically .... A META event is defined by other signature events occurring in a related manner within a sliding time interval." (PTX 677 at 36; D.I. 396 at 888:16-890:18) With reference to the User Guide for Cisco Security Manager 4.4, Dr. Lee testified that "the lower level sensors take input from network packet produced events and the meta engine takes those events and correlates them. So there is a hierarchy here." (D.I. 396 at 891:15-18; See also PTX 94 at 38-25 ("The Meta engine is different from other engines in that it takes alerts as input where most engines take packets as input."))

         On direct examination, Dr. Lee discussed a Cisco marketing presentation. A slide entitled "IPS Sensor Architecture, " Dr. Lee explained, is an "architectural diagram of software .... [that] tells you what are the components of the software, how [] they work together." (D.I. 396 at 864:5-11) Dr. Lee opined that the meta event engine is located in the "Correlation App" box:

Q. What does this - to your understanding, there's a box here, correlation app. What is that referring to?
A. So this is the, essentially, the correlation engine or the meta event engine in Cisco's language. That's the upper level hierarchy code monitor.

(D.I. 396 at 864:24-865:3; PTX 109 at 19) On cross examination, Dr. Lee confirmed this opinion. (D.I. 396 at 1048:19-1049:4) After Cisco presented evidence disputing that the meta event engine is located within the "Correlation App" box of the software architecture, on redirect, Dr. Lee explained that the physical location of the meta event generator is not important. (D.I. 397 at 1188:20-22) Dr. Lee explained his opinion, showing the preceding slide from the same presentation and identifying that the "Meta Event Generator for event correlation" is located within the "On-box Correlation Engine" box in that slide. (D.I. 397 at 1188:23-1189:12; PTX 109 at 18)

         ii. Cisco's evidence

         On cross examination, Cisco verified Dr. Lee's opinion that the meta event generator is located in the "Correlation App" box in the Cisco marketing presentation. (D.I. 396 at 1048:19-1049:4; PTX 109 at 19) Cisco's Kasper testified that the "Correlation App" box in the marketing presentation does not have anything to do with the meta event generator. (D.I. 398 at 1521:2-4) Kasper explained that the word correlation does not indicate that it has anything to do with the meta event generation, because "[c]orrelation is sort of generally used term. So nothing to do with meta." (D.I. 398 at 15:5-9) Cisco questioned Dr. Lee about this inconsistency:

Q. And when you testified last week --
A. Yes.
Q. - you testified that the meta event generator was this green box, the correlation ...

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.