Background
Finjan, Inc. is a cybersecurity patent licensing company that holds patents on methods for detecting and blocking malware, particularly through behavioral analysis of code rather than signature-matching. Finjan sued Blue Coat Systems, a network security company, for infringement of several patents covering virus detection and web security technologies. Following trial, a jury found Blue Coat liable for infringement of four Finjan patents and awarded approximately $39.5 million in reasonable royalty damages.
On appeal, Blue Coat challenged both the patent eligibility of Finjan’s patents under § 101 and the damages methodology for several of the asserted patents. The central damages dispute involved how to calculate a reasonable royalty for complex software security products in which the patented feature is only one of many features contributing to the product’s value.
The Court’s Holding
The Federal Circuit affirmed the eligibility of Finjan’s patents and partially affirmed the damages award, but vacated and remanded damages for the ’844 patent because the apportionment methodology was flawed. On eligibility, the court found that the patents covered concrete improvements to computer security — specifically, the creation and use of behavioral security profiles to detect malware — rather than abstract ideas, satisfying Alice/Mayo step two.
On damages, the court reiterated that when the accused product contains both patented and unpatented features, the royalty base must be apportioned to reflect only the incremental value of the patented technology. The “smallest salable patent-practicing unit” (SSPPU) doctrine provides a starting point: if you can identify a distinct component that practices the patent, you use that component’s value as the base. But the court held that identifying the SSPPU is not the end of the analysis if that unit itself contains features that are not covered by the patent. In such cases, further apportionment is required to carve out the non-patented value from even the smallest identifiable component. For the ’844 patent, Finjan had pointed to Blue Coat’s DRTR component as the SSPPU, but that component incorporated non-infringing functionality — requiring further apportionment that Finjan’s expert had not performed.
Key Takeaways
- The smallest salable patent-practicing unit analysis does not end the apportionment inquiry if the identified unit still contains non-patented features; further disaggregation of value is required.
- Cybersecurity patents that describe specific behavioral detection methods (rather than generic abstract ideas) can satisfy Alice step two by representing concrete technical improvements to computer security.
- Software patent damages require rigorous, feature-by-feature analysis to separate patented from unpatented value — courts will not accept royalty calculations that gloss over the presence of non-patented functionality within the royalty base.
- Damages experts in software cases must account for the value contribution of each non-patented feature within the product unit chosen as the royalty base.
Why It Matters
For patent owners asserting software and cybersecurity patents, Finjan v. Blue Coat reinforced that getting to a large damages number requires rigorous apportionment work at every level. Even after identifying the smallest product unit that practices the patent — typically the hardest step — you must go further if that unit contains non-infringing features. This layers complexity onto damages expert analysis and makes it easier for defendants to attack damages awards on apportionment grounds.
The case is particularly important for the growing category of software-heavy IP litigation in which a product’s value derives from dozens of interacting features, only one or a few of which are covered by any given patent. Together with Exmark (decided two days later), Finjan established a two-decision pattern at the start of 2018 emphasizing that patent damages must be rigorously tied to the value of the patented contribution — not the value of the broader product or platform.