Case3:14-cv-05071-JD Document31 Filed07/10/15 Page1 of 10

1 Bruce J. Wecker (SBN 78530) Christopher L. Lebsock (SBN 184546) 2 HAUSFELD LLP 600 Montgomery Street, Suite 3200 3 San Francisco, CA 94111 Tel: (415) 633-1908 4 Fax: (415) 358-4980

5 Attorneys for Plaintiff CAP Co. Ltd. 6 UNITED STATES DISTRICT COURT 7 NORTHERN DISTRICT OF CALIFORNIA

8 CAP Co. Ltd., a Korean corporation, Case No. 3:14-cv-05071-JD

9 Plaintiff, AMENDED COMPLAINT 10 FOR PATENT INFRINGEMENT vs. 11

12 SYMANTEC CORPORATION, a Delaware DEMAND FOR JURY TRIAL 13 corporation;

14 Defendant. 15

16 AMENDED COMPLAINT 17 Plaintiff CAP Co., Ltd. (“Plaintiff” or “CAP Co.”) files this Amended Complaint for patent 18 infringement against Symantec Corporation (“Symantec” or “Defendant”) alleging as follows: 19 THE PARTIES 20 1. Plaintiff CAP Co. is a corporation organized under the laws of the Republic of 21 Korea. It has its principal place of business at 22, Gomae-ro 234beon-gil, Giheung-gu, Yongin-si, 22 Gyeonggi-do, Korea. It is the owner of United States Patent Nos.RE42196 and 8,544,078 23 (“Patents-in-Suit”). 24 2. Defendant Symantec, on information and belief, is a corporation organized under

25 the laws of the State of Delaware. Symantec is doing business in California, and has its principal 26 place of business at 350 Ellis Street, Mountain View, California. 27 28

AMENDED COMPLAINT FOR PATENT INFRINGEMENT Case No. 3:14-cv-05071-JD

Case3:14-cv-05071-JD Document31 Filed07/10/15 Page2 of 10

1 JURISDICTION & VENUE 2 3. This is an action for infringement of a United States patent. Accordingly, this 3 action arises under the patent laws of the United States of America, 35 U.S.C. § 1 et seq., and 4 jurisdiction is properly based on 35 U.S.C. § 271 and 28 U.S.C. § 1338(a). 5 4. Venue is proper in this district under 28 U.S.C. §§ 1391(b-c) and 1400(b). Upon 6 information and belief, Defendant transacts or has transacted business in this judicial district, or 7 committed and/or induced acts of patent infringement in this district. 8 INTRADISTRICT ASSIGNMENT 9 5. This action is an intellectual property action subject to district-wide assignment. 10 FACTUAL BACKGROUND 11 6. On March 1, 2011, United States Patent No.RE42,196 (“the ’196 patent”) entitled 12 “System and method for blocking harmful information online, and computer readable medium 13 therefor” was duly and legally issued. CAP Co. holds the title by assignment from the inventor, 14 including the right to sue for past, present and future damages. A copy of the ’196 patent is 15 attached as Exhibit A. 16 7. On September 24, 2013, United States Patent No. 8,544,078 (“the ’078 patent”) 17 entitled “Flexible network security system and method for permitting trusted process” was duly 18 and legally issued. CAP Co. holds the title by assignment from the inventor, including the right to 19 sue for past, present and future damages. A copy of the ‘078 patent is attached as Exhibit B. 20 8. The ’196 patent is a reissue patent derived from a patent issued on June 13, 2006, 21 U.S. Pat. No. 7,062,552 (hereinafter the “anti-virus patents”). These patents are directed to 22 methods for protection of computer systems by the blocking of harmful information such as 23 viruses. The ’078 patent is directed at systems and methods for controlling inbound traffic by 24 using a firewall (hereinafter the “firewall patent”). 25 9. Pursuant to 35 U.S.C. § 282, the Patents-in-Suit are presumed valid. 26 10. On information and belief, with respect to the ’196 patent, Defendant Symantec 27 develops markets and distributes infringing products including Security/Norton 28 Security//Norton Family, with Backup/Norton One, Norton Small

AMENDED COMPLAINT FOR PATENT INFRINGEMENT - 2 - Case No. 3:14-cv-05071-JD

Case3:14-cv-05071-JD Document31 Filed07/10/15 Page3 of 10

1 Business (all versions), Symantec Data Center Security (all versions), Symantec Endpoint 2 Protection (all versions), Symantec Mobility: Threat Protection/Norton Mobile Security, Symantec 3 Mobility: Suite, Symantec Protection Suite (all versions), and Symantec Protection Engine for 4 Cloud Services. 5 11. On information and belief, with respect to the ’078 patent, develops markets and 6 distributes infringing products including Norton Firewall/Smart Firewall, Norton Security/Norton 7 Internet Security Norton AntiVirus, Norton 360, Norton Small Business, Symantec Endpoint 8 Security, Symantec Endpoint Protection, Symantec Data Center Security, Symantec Mobility: 9 Threat Protection, Symantec Mobility: Suite, and Symantec Protection Suite. Symantec 10 contributed and continues to contribute to acts of infringement by causing and encouraging others 11 to use the aforementioned products. 12 12. These products are sold directly to customers and used by them pursuant to 13 Symantec’s user manuals guides, and support articles. For example, with respect to the features 14 that infringe the ’196 patent, Symantec 15 13. Symantec touts the patented features of the’196 patent in its printed literature:

16 3) Reputation: Symantec’s unique Insight correlates tens of billions of linkages between users, files, and websites to detect rapidly mutating 17 threats. By analyzing key file attributes, Insight can accurately identify 18 whether a file is good and assign a reputation score to each file, effectively protecting against targeted attacks while reducing scan overhead by up to 19 70%.

20 4) Behavior: SONAR leverages artificial intelligence to provide zero-day protection. It effectively stops new and unknown threats by monitoring 21 nearly 1,400 file behaviors while they execute in real-time to determine file 22 risk.

23 http://static.symanteccloud.com/estore/Datasheets/en/Product/security/symantec-endpoint- protection.pdf 24 14. Symantec recommends that its customers of Symantec Endpoint Protection 25 maintain the default setting that blocks software that the Global Intelligence Network reports have 26 low reputations or no reputations. http://origin- 27 symwisedownload.symantec.com/resources/sites/SYMWISE/content/live/DOCUMENTATION/5 28

AMENDED COMPLAINT FOR PATENT INFRINGEMENT - 3 - Case No. 3:14-cv-05071-JD

Case3:14-cv-05071-JD Document31 Filed07/10/15 Page4 of 10

1 000/DOC5077/en_US/Insight_v1.pdf (“For most enterprises, we recommend the preset default 2 configuration at Protection Level 5. This will block low-reputation software and software still 3 without a reputation (e.g., software that is new and not from a trusted vendor) in addition to 4 blocking files that trigger classic fingerprints or heuristics.”). 5 15. For example, through its website at http://www. symantec.com, Symantec 6 advertises and provide instructions on how to use the feature in the ‘196 accused software 7 products of monitoring file input and output and providing code from a server to block harmful 8 information of files to be executed. Such advertisements and instructions are provided in, for 9 example, technical documentation made available by Symantec through its website, including but 10 not limited to Administration Guides and User Guides for the accused software products. On 11 information and belief, by using features in the accused software products such as this feature, 12 Symantec’s customers have directly infringed and continue to directly infringe one or claims 13 of the ‘196 patent. On information and belief, Symantec knew or should have known its activities 14 in encouraging and instructing customers in the use of the accused software products, including 15 but not limited to the activities set forth above, would induce their customers’ direct infringement 16 of the ’196 patent. All of the specially designed software that operates the accused features was 17 designed, authored and provided by Symantec. 18 16. For example, through its website at http://www. symantec.com, Symantec 19 advertises and provide instructions on how to use the feature in the ‘078 accused firewall products 20 to automatically add applications and their server ports to the firewall’s permitted applications and 21 ports. Such advertisements and instructions are provided in, for example, technical documentation 22 made available by Symantec through its website, including but not limited to Administration 23 Guides and User Guides for the accused products. On information and belief, by using features in 24 the accused software products such as this feature, Symantec’s customers have directly infringed 25 and continue to directly infringe one or more claims of the ‘078 patent. On information and belief, 26 Symantec knew or should have known its activities in encouraging and instructing customers in 27 the use of the accused software products, including but not limited to the activities set forth above, 28 would induce their customers’ direct infringement of the ’078 patent.

AMENDED COMPLAINT FOR PATENT INFRINGEMENT - 4 - Case No. 3:14-cv-05071-JD

Case3:14-cv-05071-JD Document31 Filed07/10/15 Page5 of 10

1 17. Use of the firewall features as described above are provided by the products by 2 default and Symantec recommends that they are not turned off:

3 Symantec recommends that you keep the Smart Firewall option turned on to let your Norton product monitor all inbound and all outbound 4 communications of your computer. 5 The Smart Firewall feature automatically creates program rules for each 6 program that you run. When the Smart Firewall option is turned on, Norton product retains the Automatic Program Control settings for all 7 programs.

8 Turning off Smart Firewall reduces your system protection. Always ensure 9 that the Smart Firewall is turned on.

10 ftp://ftp.symantec.com/public/english_us_canada/products/norton_internet_security/2015/manuals /NIShelp.pdf at 125-26. 11 18. All of the specially designed software that operates the accused features was 12 designed and distributed by Symantec. 13 19. On information and belief, with respect to the ’196 patent, Symantec supplies its 14 security products with specifically designed code that is used to integrate its Insight and SONAR 15 services with appropriately formatted rules and policies to block harmful information that have no 16 substantial non-infringing uses. In addition, on information and belief, Symantec supplies its 17 accused security products with specifically designed code that provides a sequence of operations 18 by which its security engines execute, including instructions for the acquisition of server-provided 19 code and use of that code in blocking harmful information. 20 20. On information and belief, with respect to the ’078 patent, Symantec provides 21 customized computer code to automatically extract server port information to allow applications to 22 be added to permitted applications lists while only allowing use of the applications on specifically 23 identified server ports. Such code has no substantial non-infringing uses. 24 21. Symantec’s indirect and, with respect to certain method claims of the ’196 patent, 25 divided infringement, also derives from its sale and concerted activity with its customers in using 26 Symantec’s products for mutual advantage. Symantec directs and controls each of these customers 27 by instructing end-users in the operation of the accused products, and taking technical steps to 28

AMENDED COMPLAINT FOR PATENT INFRINGEMENT - 5 - Case No. 3:14-cv-05071-JD

Case3:14-cv-05071-JD Document31 Filed07/10/15 Page6 of 10

1 maintain control over the user’s operation and access to parts of the software. Symantec contractually

2 and technically seeks to control end-users’ operation of the product. Contractually, Symantec requires

3 users to agree to terms and conditions http://www.symantec.com/en/uk/about/profile/policies/eulas/ 4 To the extent that claims require a web server or a first web server to transmit a “harmful

5 information blocking code module” to a client, Symantec owns or controls the web server. To the

6 extent that certain method claims require multiple actors consisting of Symantec and its customers,

7 Symantec serves as the mastermind in their joint infringement. 8 22. Symantec continues to provide and sell goods and services including products 9 designed for use in practicing one or more claims of the Patents-in-Suit, where the goods and 10 services constitute a material part of the invention and are not staple articles of commerce, and 11 which have no use other than infringing one or more claims of the Patents-in-Suit. 12 23. Symantec, by the filing and service of the Original Complaint in this action knows 13 of CAP Co.’s patents and its claims of infringement.

14 COUNT I (Patent Infringement) 15 (RE42,196) 16 24. Plaintiff incorporates by reference the allegations of paragraphs 1 through 23, 17 above. 18 25. CAP Co. is the owner of the ’196 patent. 19 26. Defendant has infringed and is still infringing the ’196 patent, by, without 20 authority, consent, right or license, and in direct infringement of the patents, making, using, 21 offering for sale and/or selling the aforementioned products using the methods claimed in the 22 patent in this country. This conduct constitutes infringement under 35 U.S.C. § 271(a). 23 27. In addition, Defendant has infringed the ’196 patent in this country, and is still 24 infringing the ’196 patent in this country since the service of the Original Complaint in this matter 25 through, inter alia, its active inducement of others to make, use, and/or sell the products and 26 methods claimed in one or more claims of the patent. For example, Symantec urges its customers 27 to use Insight file reputation services since signature based anti-virus does not protect against new 28

AMENDED COMPLAINT FOR PATENT INFRINGEMENT - 6 - Case No. 3:14-cv-05071-JD

Case3:14-cv-05071-JD Document31 Filed07/10/15 Page7 of 10

1 malware threats. http://www.symantec.com/content/en/us/enterprise/white_papers/b- 2 turning_the_tables_on_malware_WP_21155056.en-us.pdf (Malicious code derives its advantage 3 from stealth—it is rare, often targeting a single organization or even computer, and it relies on 4 "zero-day" emergence to evade signature-based detection. Malicious code that is widespread and 5 mature is more likely to have been identified, and its signature published. In contrast, low 6 prevalence, recently-emerged files are the riskiest. ... IT Professionals must now extend their 7 policies to incorporate new prevalence, emergence, and connection information. … This new 8 approach offers better malware detection with fewer false alarms and higher performance than 9 today’s security stack. Today, cybercrime has the upper hand, because criminals can quickly 10 customize and execute targeted attacks. This new approach turns their model on its head: new and 11 custom attacks with low emergence and prevalence ratings will be blocked by all but the most 12 risk-tolerant environments. And “mature” malware will be discovered, fingerprinted, and then 13 blocked with less scanning and heuristics overhead than today. … Finally, the approach reverses 14 the effect of the malware explosion on performance, by moving the evaluation and rating 15 overheads—and much of the scanning—off enterprise clients and endpoints. Because the new 16 ratings offload work from both signature—and heuristics based defenses, every one of the security 17 technologies works less, and therefore better.”). This conduct constitutes infringement under 35 18 U.S.C. § 271(b). 19 28. Symantec recommends that its customers of Symantec Endpoint Protection 20 maintain the default setting that blocks software that the Global Intelligence Network reports have 21 low reputations or no reputations. http://origin- 22 symwisedownload.symantec.com/resources/sites/SYMWISE/content/live/DOCUMENTATION/5 23 000/DOC5077/en_US/Insight_v1.pdf (“For most enterprises, we recommend the preset default 24 configuration at Protection Level 5. This will block low-reputation software and software still 25 without a reputation (e.g., software that is new and not from a trusted vendor) in addition to 26 blocking files that trigger classic fingerprints or heuristics.”). This conduct constitutes 27 infringement under 35 U.S.C. § 271(b). 28 29. In addition, Symantec has infringed the ’196 patent in this country, and is still

AMENDED COMPLAINT FOR PATENT INFRINGEMENT - 7 - Case No. 3:14-cv-05071-JD

Case3:14-cv-05071-JD Document31 Filed07/10/15 Page8 of 10

1 infringing the ’196 patent in this country since the service of the Original Complaint in this matter 2 through, inter alia, providing and selling goods and services including the aforementioned 3 products designed for use in practicing one or more claims of the ’196 patent, where the goods and 4 services constitute a material part of the invention and are not staple articles of commerce, and 5 which have no use other than infringing one or more claims of the ’196 patent. Symantec has 6 committed these acts with knowledge that the goods and services it provides are specially made 7 for use in a manner that directly infringes the ’196 patent. This conduct constitutes infringement 8 under 35 U.S.C. § 271(c). 9 30. As a result of Defendant’s infringement, Plaintiff has been damaged, and will 10 continue to be damaged, until Defendant discontinues from further acts of infringement.

11 COUNT II (Patent Infringement) 12 (U.S. Patent No. 8,544,078) 13 31. Plaintiff incorporates by reference the allegations of paragraphs 1 through 30, 14 above. 15 32. CAP Co. is the owner of the ’078 patent. 16 33. Defendant has infringed and is still infringing the ’078 patent, by, without 17 authority, consent, right or license, and in direct infringement of the patents, making, using, 18 offering for sale and/or selling products including Norton Security/, 19 Norton Security with Backup, Norton Small Business, Symantec Endpoint Protection, Symantec 20 Data Center Security, Symantec Mobility: Threat Protection, Symantec Mobility: Suite, and 21 Symantec Protection Suite. These products use the systems and methods claimed in the patent in 22 this country. This conduct constitutes infringement under 35 U.S.C. § 271(a). 23 34. In addition, Symantec has infringed, and is still infringing the ’078 patent in this 24 country since the service of the Original Complaint in this matter through, inter alia, its active 25 inducement of others to make, use, and/or sell the aforementioned products and methods claimed 26 in one or more claims of the patent. This conduct constitutes infringement under 35 U.S.C. § 27 271(b). 28

AMENDED COMPLAINT FOR PATENT INFRINGEMENT - 8 - Case No. 3:14-cv-05071-JD

Case3:14-cv-05071-JD Document31 Filed07/10/15 Page9 of 10

1 35. In addition, Symantec has infringed the ’078 patent and is still infringing the ’078 2 patent in this country since the service of the Original Complaint in this matter through, inter alia, 3 providing and selling goods and services including the aforementioned products designed for use 4 in practicing one or more claims of the Patents-in-Suit, where the goods and services constitute a 5 material part of the invention and are not staple articles of commerce, and which have no use other 6 than infringing one or more claims of the Patents-in-Suit. Symantec has committed these acts 7 with knowledge that the goods and services it provides are specially made for use in a manner that 8 directly infringes the Patents-in-Suit. This conduct constitutes infringement under 35 U.S.C. § 9 271(c). 10 36. As a result of Defendant’s infringement, Plaintiff has been damaged, and will 11 continue to be damaged, until Defendant discontinues from further acts of infringement. 12 PRAYER FOR RELIEF 13 Wherefore, Plaintiff prays for entry of judgment: 14 A. declaring that Defendant has infringed one or more claims, specifically including 15 claim 1, of each of the Patents-in-Suit; 16 B. that Defendant account for and pay to Plaintiff all damages caused by its 17 infringement of the Patents-in-Suit, which by statute can be no less than a reasonable royalty; 18 C. that Plaintiff be granted pre-judgment and post-judgment interest on the damages 19 caused to it by reason of Defendant’s infringement of the Patents-in-Suit; 20 D. that this be adjudged an exceptional case and that Plaintiff be awarded its attorney’s 21 fees in this action pursuant to 35 U.S.C. § 285; 22 E. that costs be awarded to Plaintiff; and 23 F. that Plaintiff be granted such other and further relief as the Court may deem just and 24 proper under the current circumstances. 25 /// 26 /// 27 /// 28 ///

AMENDED COMPLAINT FOR PATENT INFRINGEMENT - 9 - Case No. 3:14-cv-05071-JD

Case3:14-cv-05071-JD Document31 Filed07/10/15 Page10 of 10

1 DEMAND FOR JURY TRIAL 2 Plaintiff, by its undersigned attorneys, demands a trial by jury on all issues so triable. 3 4 Dated: July 10, 2015 Respectfully submitted, 5 By: /s/ Bruce J. Wecker 6 Bruce J. Wecker (SBN 78530) 7 Christopher L. Lebsock (SBN 184546) HAUSFELD LLP 8 600 Montgomery Street, Suite 3200 San Francisco, CA 94111 9 Tel: (415) 633-1908 Fax: (415) 358-4980 10 Email: [email protected] [email protected] 11

12 Attorneys for Plaintiff CAP Co. Ltd. 13

14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

AMENDED COMPLAINT FOR PATENT INFRINGEMENT - 10 - Case No. 3:14-cv-05071-JD