BT Americas, Inc. et al v. Palo Alto Networks, Inc.
Filing
97
MEMORANDUM OPINION and ORDER regarding D.I. 11 MOTION to Dismiss for Failure to State a Claim filed by Palo Alto Networks, Inc. as announced at the 7/14/2023 hearing. Signed by Judge Christopher J. Burke on 11/14/2023. (dlb)
IN THE UNITED STATES DISTRICT COURT
FOR THE DISTRICT OF DELAWARE
BRITISH TELECOMMUNICATIONS
PLC and BT AMERICAS, INC.,
Plaintiffs,
v.
PALO ALTO NETWORKS, INC.,
Defendant.
Civil Action No. 22-1538-CJB
Philip A. Rovner, Jonathan A. Choa, POTTER ANDERSON & CORROON LLP, Wilmington,
DE; Bart H. Williams, PROSKAUER ROSE LLP, Los Angeles, CA; Nolan M. Goldberg,
Baldassare Vinti, PROSKAUER ROSE LLP, New York, NY; Edward Wang, PROSKAUER
ROSE LLP, Washington, D.C., Attorneys for Plaintiffs.
Brian E. Farnan, Michael J. Farnan, FARNAN, LLP, Wilmington, DE; Adrian C. Percer, WEIL
GOTSHAL & MANGES LLP, Redwood Shores, CA; Anish R. Desai, Tom Yu, WEIL
GOTSHAL & MANGES LLP, New York, NY; Priyata Y. Patel, WEIL GOTSHAL &
MANGES LLP, Washington, D.C., Attorneys for Defendant.
MEMORANDUM OPINION AND ORDER
November 14, 2023
Wilmington, Delaware
BURKE, United States Magistrate Judge
As announced at the hearing on July 14, 2023, IT IS HEREBY ORDERED that
Defendant Palo Alto Networks, Inc.’s (“Defendant”) motion to dismiss (the “motion”), (D.I. 11),
which argues that Plaintiffs BT Americas, Inc. and British Telecommunications PLC’s
(“Plaintiffs”) asserted United States Patent No. 7,159,237 (the “'237 patent”) and United States
Patent No. 7,895,641 (the “'641 patent”) are directed to non-patent-eligible subject matter
pursuant to 35 U.S.C. § 101 (“Section 101”), is DENIED.
Defendant’s motion was fully briefed as of April 10, 2023, (D.I. 31). The Court carefully
reviewed all submissions in connection with Defendant’s motion, heard oral argument, and
applied the relevant legal standards for review of this type of Section 101-related motion at the
pleading stage, which it has previously set out in Genedics, LLC v. Meta Co., Civil Action No.
17-1062-CJB, 2018 WL 3991474, at *2-5 (D. Del. Aug. 21, 2018).
The Court’s Order is consistent with the bench ruling announced at the hearing on July
14, 2023, pertinent excerpts of which follow:
The first case in which I[ will] provide an opinion is British
Telecommunications, PLC v. Palo Alto Networks, Inc. It[ is] Civil
Action [No.] 22-1538-CJB. The Defendant, Palo Alto Networks,
has filed a motion to dismiss pursuant to Rule 12(b)(6)[,] arguing
that the complaint should be dismissed on Section 101-related
subject matter eligibility [grounds].
Here, Plaintiffs[] British Telecommunications, PLC and BT
Americas, Inc. filed suit alleging the infringement of two patents,
the [] '237 patent[,] and [] the '641 patent. The patents are related.
They share a common specification, and they have the same title,
which is “Method and System for Dynamic Network Intrusion
Monitoring Detection and Response.”
The '237 patent, as we will see, contains certain representative
claims. And so, I will focus on that patent alone here. The patent
has 42 claims in total. [D]efendant argues in its briefing that
[c]laim 18 is representative for Section 101 purposes, [of] not only
the independent claims in that patent, but of all independent claims
in both patents that are being asserted in this case. 1 And Plaintiffs
never explicitly disputed in the briefing that [c]laim 18 was
representative of the other asserted independent claims. 2
Claim 18 recites a security monitoring system for a computer
network. The system utilizes a plurality of sensors, a secure
operation center[,] or SOC[,] and at least one probe. And that
probe is configured to do the following five things.
1 (D.I. 12 at 5)
2 (D.I. 31 at 1 n.1)
First, to collect status data from at least one sensor that monitors at
least one component of the network. Second, to analyze that status
data, to identify potential security-related threats wherein the
analysis includes an initial filtering process, and then an additional
analysis of what the patents call “post-filtering residue[,]” which is
data that is “[n]either discarded nor selected” by the initial filtering
process. Third, to transmit information about the identified events
to an analyst associated with the SOC. Fourth, to receive feedback
from an analyst based on empirically-derived information
reflecting the operation of the security monitoring system. And,
fifth, to dynamically modify [an] analysis[] capability of a probe
based on that received feedback. 3
In [their] briefing, to the extent that they ever address a dependent
claim in the patents, Plaintiffs mainly focus on the requirement
found in [c]laim 14 of the '237 patent that requires that the analyst
at the SOC or the SOC[ itself] otherwise[] utilizes “cross-probe
correlation.” 4 This is seen, for example, on [p]ages 5 and 12 of
Plaintiff[s’] answering brief in which they make reference to
[c]laim 14 and its computerized use of cross-probe correlation. 5
[In light of] this, the Court will focus on analyzing [c]laim 18 of
the '237 patent, treating it as a representative claim for all asserted
independent claims. And it will also address [c]laim 14 of that
patent[,] in that Plaintiffs have suggested that that claim is
representative of any dependent claims that discuss the addition of
cross-probe correlation or its equivalent. Moreover, as a general
matter, when the Court is discussing the specification of one of the
two asserted patents, it will make use of the '237 patent
specification[,] understanding that that specification is [] little
different from the '641 patent specification.
In step one, Defendant argues that the asserted claims are directed
to the abstract idea of “collecting, filtering, analyzing and
transmitting data[,] and then making modifications based on
human feedback.” 6 Plaintiffs do[ not] contest in their briefing that
3 (See '237 patent, col. 36:38-63)
4 (Id., col. 36:28-29)
5 (D.I. 19 at 5, 12)
6 (D.I. 12 at 7-8)
the purported abstract idea here is, in fact, an abstract idea, and the
Court concludes that it is. A claim to an abstract idea has been
described by the [United States Court of Appeals for the] Federal
Circuit as one directed to “a disembodied concept, a basic building
block of human ingenuity[,] untethered from any real-world
application.” 7 The Defendant’s proffered abstract idea seems to fit
that characterization.
Moreover, the Federal Circuit has explained that certain basic
methods of utilizing data like th[is], standing alone, cannot amount
to something more than an abstract idea. For example, in
International Business Machines Corp. [v.] Zillow Group, Inc., the
Federal Circuit said that, “[i]dentifying, analyzing and presenting
certain data to a user is not an improvement specific to
[computing]” [a]nd that “claims directed to collection of
information[,] comprehending the meaning of that collected
information[,] and indication of the results[,] all [o]n a generic
network computer operating in its normal[,] expected manner” are
claims directed to an abstract idea. 8
In Electric Power Group, LLC v[.] Alstom, S.A., the Federal
Circuit said that[] “[merely] requiring the selection and
manipulation [of] information[. . .]by itself does not transform” an
otherwise abstract idea into something more. 9 In cases like
BASCOM Global Internet Services, Inc. v[.] AT&T Mobility, LLC,
the Federal Circuit noted that “filtering content is an abstract idea
because it is a long-standing, well-known method of organizing
human behavior, similar to concepts previously found to be
abstract.” 10 And in[] In [r]e[] Rosenberg, the Federal Circuit
explained that the idea of determining whether to “fine[-]tune” a
system, including by providing instructions to modify certain
procedures or parameters[,] amounts to an abstract idea. 11
7 CLS Bank Int’l v. Alice Corp. Pty. Ltd., 717 F.3d 1269, 1286 (Fed. Cir. 2013) (Lourie, J., concurring) (internal quotation marks and citation omitted).
8 Int’l Bus. Machs. Corp. v. Zillow Grp., Inc., 50 F.4th 1371, 1378 (Fed. Cir. 2022) (internal quotation marks and citations omitted).
9 Elec. Power Grp., LLC v. Alstom S.A., 830 F.3d 1350, 1355 (Fed. Cir. 2016).
10 BASCOM Glob. Internet Servs., Inc. v. AT&T Mobility LLC, 827 F.3d 1341, 1348 (Fed. Cir. 2016).
11 In re Rosenberg, 813 F. App’x 594, 596 (Fed. Cir. 2020).
So, we know that if it[ is] right to say that all these claims are
directed to [is] collecting data and[/]or analyzing data, and[/]or
filtering data, and[/]or transmitting data and[/]or modifying data
based on analysis, well that cannot be enough to save the claims in
step one.
But Plaintiffs contend that the '237 patent is not actually directed to
the broad abstract idea [at issue] here and [is instead] directed to
something more particularized. On that score[,] in their briefing,
Plaintiffs assert that the claims are directed to “a specific
architecture for detecting and responding to new and constantly
evolving attacks on computer networks.” 12
What is this more specific architecture that Plaintiffs speak of?
Essentially in places like [p]ages 3 to 6 of their answering brief 13
or in [p]aragraph [3]7 of their Complaint 14 and, again, in oral
argument here today, Plaintiffs have focused most directly on three
different aspects of the claims.
First, they note that the claim[ed] systems and methods utilize a
“tiered analysis” at the probe. By this they mean that first a probe
uses “two different types of filters” to assess status data[—]a
positive and negative filter that selects or discards data
respectfully. And, second, that the probe then separately analyzes
a middle ground[-]type of data that has . . . neither been selected or
discarded by the filter[—]what the patents refer to as post-filtering
residue.
Second, Plaintiffs highlight that the claimed systems and methods
also use a “two-level review process”[—in] that a computerized
analysis of this data occurs first at the probe level[, b]ut then the
information gleaned about potential security-related events is sent
to a human analyst for further review.
And[] third, Plaintiffs [note] that [] certain dependent claims like
[c]laim 14[] require that the analysis performed at the SOC
involves electronic cross-probe correlation, which the Court
understands to mean that, as Plaintiffs suggested in [their] briefing,
12 (D.I. 19 at 16)
13 (Id. at 3-6)
14 (D.I. 1 at ¶ 37)
the system takes into account and analyzes status data obtained
from multiple different probes, not just a single probe.
The [“]directed to[”] inquiry in step one applies a stage one filter to
claims considered in light of the specification, based on whether
their [“]character as a whole[”] or their [“]focus[”] is directed to
exclude[ed] subject matter. 15 As to how that inquiry should
proceed, the Federal Circuit provides some guidance in Internet
Patents Corp. v[.] Active Network, Inc. 16 There, in order to
ascertain at step one whether the claim’s character as a whole was
directed to an abstract idea, the Internet Patents Court examined
the specification of the patent at issue. In doing so, it cited to what
the patentee described in the specification as the “innovation over
the prior art” and the “[essential], most important aspect” of the
patent. 17
The Federal Circuit [has] also stated, however, that reliance on the
specification must always yield to the claim language in
identifying what a claim is directed to, because the concern that
d[rives] the judicial exception to patentability is one of preemption
[and] the claim language defines the breadth of each claim. 18
In order to attack this step one question, then[,] the Court needs to
determine: What is the focus of representative [c]laims[. . .]18 and
14 of the '237 patent[?] In looking at the patent specification, it[
is] pretty clear that some aspects of the specific architecture touted
by Plaintiffs are not what the patent itself is saying it[ is]
particularly focused on.
For example, it[ is] of course[] true that [c]laim 18 and [c]laim 14
include reference to, first, how the probe separately analyzes post-filtering residue after the initial filtering stage has occurred[, a]nd
second, the analysis of status data by way of cross-probe
correlation. But when one reads the patent, one sees that those
post-filtering residue and cross-probe correlation concepts are
actually little mentioned in the specification.
15 Enfish, LLC v. Microsoft Corp., 822 F.3d 1327, 1335-36 (Fed. Cir. 2016) (internal quotation marks and citation omitted).
16 Internet Patents Corp. v. Active Network, Inc., 790 F.3d 1343 (Fed. Cir. 2015).
17 Id. at 1348 (internal quotation marks and citation omitted).
18 ChargePoint, Inc. v. SemaConnect, Inc., 920 F.3d 759, 766 (Fed. Cir. 2019).
For example, the only time the specification mentions the concept
of analyzing post-filtering residue comes in [c]olumn 8. There[,
in] a description of an exemplary embodiment found in Figure 2[,
t]he patent explains that after the system first filters the status
data[] using a negative filter[ing] subsystem and a positive filtering
subsystem[,] which selects “possibly interesting information” and
forwards it on to the SOC[, t]hen[] “data neither discarded by the
negative filtering subsystem . . . nor selected out as interesting by
[the] positive filtering subsystem . . . form the ‘residue,’ which is
sent to anomaly engine 2050 for further analysis. Anomaly engine
2050 determines what residue information may be worthy of
additional analysis and sends such information” for forwarding to
the SOC. 19
And so far as the Court is aware, the only time the specification
makes reference to the idea of cross-probe correlation comes in a
few lines in [c]olumn 2 and [c]olumn 3. In [c]olumn 2, for
example, the patent states that, “[f]urthermore, data filtering and
analysis can include cross-product analysis, which allows the
probe[/]sentry system to correlate and recognize such multiple
sensor readings as reflecting the same [happening]. Such features
ensure that the invention is capable of the rapid refinement
necessary to combat [network] attacks.” 20 Additionally, there[ is]
a brief reference to “cross-correlation” and “cross-analysis” in
[c]olumn 3 of the patent. 21
But in general, the specification indicates that the patent’s focus or
its character as a whole is not really attuned to those two
concepts[.] Instead, the patent reads as if its focus is [] on the
general concept of filtering and analyzing status data and doing so
via the two-level review process that Plaintiffs spoke of in their
briefing. In other words, having one computerized review process
occur at the probe and then another human analyst[-]based review
process occur at the SOC.
That the patent’s focus is on this two-level review process is seen
first by looking at the [A]bstract. There[,] the patent explains that
the inventions described therein are about how “[a] probe attached
to a customer’s network collects status data and other audit
information from monitored components of the network[,] looking
19 ('237 patent, col. 8:48-57)
20 (Id., col. 2:26-32)
21 (Id., col. 3:17)
for footprints or evidence of unauthorized intrusions or attack[s].
The probe filters and analyzes the collected data to identify
potentially security-related events happening on the network[.
I]dentif[ied] events [] are transmitted to [a] human analyst[] for
problem resolution.” 22 After discussing the types of resources that
a human analyst might use, the [A]bstract concludes by noting the
feedback from the analyst: “Problem resolution [efforts] can be
used to update the knowledge base available to analysts for future
attacks and to update the filtering and analysis capabilities of the
probe [and] other systems.” 23 There[ is] no specific mention there
of analyzing post-filtering residue or the use of cross-probe
correlation, for example.
So, too, in the patent’s Background of the Invention section.
There, the patent explains how [prior art] computer and network
security products[,] like firewalls []or authentication mechanisms
or encryption[,] were focused on preventing outside intrusion into
an internal network. 24 But the patent explains that because those
computerized processes do[ not] always work perfectly, it[ is] also
helpful to have “monitoring[,] detection and response in the event
of a breach.” 25 That said, the patent explains that system
administrators cannot easily play [this] additional monitoring role,
[in] that they “normally do not have the time or ability to read
through large amounts of constantly update[ed] audit
information[,] looking for attacks on their systems.[] []They also
do not have the time to continuously monitor hacker activities[,]
looking out for new tactics, tools and trends.[] []Finally, they do[
not] have the time to become experts on every kind of intrusion
and to maintain that expertise.” 26 Therefore, here the patent
concludes by noting that what[ is] needed is a system that both
employs “automatic defenses” that work against automated attacks,
but that also utilizes “human intelligence” and that “takes
advantage of security intelligence and other knowledge[]
databases” in order to provide “the kind of intelligent defense
22 (Id. at Abstract)
23 (Id.)
24 (Id., col. 1:21-22)
25 (Id., col. 1:26-30)
26 (Id.)
offered by the present invention.” 27 In other words, here the patent
seems to be saying that its focus is on providing the two-level
review process[—o]ne part computer[-]based, one part human[]based[—]that Plaintiffs speak of.
This conclusion is also borne out in reviewing [t]he Summary of
[t]he Invention section of the patent. As the Court[ has] noted,
there are a few brief references in [c]olumns 2 and 3 in th[is]
section to the benefit of the system[’]s taking into account cross-probe correlation. But the entirety of the rest of the section which
spans [c]olumns 2 through [3,] is really talking at a high level
about the benefits of a two-level system for intrusion detection[:]
one that incorporates the work of a probe or sentry system that
filters data and does a preliminary threa[t ]analysis [a]nd one that
also incorporates human analysts to further sift through that data
and provide feedback. 28 And[,] this section does[ not] mention
specifically the particular benefit of having the probe select out and
then separately review post-filtering residue even once.
So, all this begs the question: If the patent[ is] focused on the use
of a two-level system for detecting security threats, does that
concept amount only to simply “collecting, filtering, analyzing and
transmitting data[] and then making modifications based on human
feedback?” For our purposes here, and the Court will assume[
arguendo], yes.
The Court will take this path because these portions of the patent
seem to be telling us that what the claim is about is that having the
computerized probe filter status data and analyze it, and then later
having a human do a second-level set of analysis of certain data
that[ has] been passed along. There[ is] nothing more in the claims
about how the probe or the human analyst must do that filtering
[or] analysis[,] or what type of feedback or modifications must be
provided by the analyst.
Moreover, [one] way of assessing whether claims [are] directed to
an abstract idea is to ask whether the claim is directed to an
improvement in computer functionality, or instead [to whether] the
computer is simply being used as [a] tool[] to aid in carrying out
27 (Id., col. 1:35-42)
28 (Id., cols. 2:35-3:52)
the abstract idea itself. 29 And here, there[ is] no other indication in
the patent that either of these two high-level levels of review of
status data implement[ an] improvement to the way that computers
work. For example, Plaintiffs do[ not] contend that the claim[s’]
use of computer-based positive and negative filter[ing] or analysis
in any way represents a new computerized method of performing
this type of work. Indeed, in [c]olumn 8, the patent suggests that
it[ is] not. 30 Moreover, as was noted above in the Court’s
discussion of [the] Background of [t]he Invention section of the
patent, the patent explains that the role of the human analyst is to
allow the claim[ed] system to engage in the type of data analysis
that a human can do, but th[at] system administrators simply do[
not] have the time to do, since they can[not] “read through large
amounts of constantly updated audit information[.]” 31 As
Defendant noted in its opening brief, [“]this is []not an
improvement to computer functionality[; i]t simply supplements
one human[ (]the administrator[)] with another[ human ] [(]an
analyst[)].” 32
Now, the Court does[ not] necessarily agree with Defendant’s
contention that the patent is directed solely to a “human solution[,]
not a technical solution.” 33 It would be more accurate to say[ that]
with its focus on this two-level review of status data, the patent[ is]
directed to the combination of a human solution and a computer-based solution.
But when describing [and] claiming this two-level solution, it[ is]
as if the patent simply said that it was claiming the following idea:
Use a computer to filter and analyze status data [(]in a manner
indistinguishable [from] how computers already do this[)] and then
use a human to further analyze status data and provide some
feedback on it[. N]othing more. 34 It[ is] difficult to see how this
combined concept[,] which simply seems to be about layering
29 Customedia Techs., LLC v. Dish Network Corp., 951 F.3d 1359, 1364 (Fed. Cir. 2020).
30 (See, e.g., '237 patent, col. 8:57-59; D.I. 31 at 5)
31 ('237 patent, col. 1:25-32)
32 (D.I. 12 at 11)
33 (D.I. 31 at 2)
34 (Id. at 3)
together two broad ways of collecting, filtering and analyzing data
in order to provide feedback, is meaningfully different from the
Defendant[’s] articulation of the abstract idea.
And so, the Court agrees, for our purposes here, that the claims are
directed to the proffered abstract idea in Alice’s step one.
I now turn to step two of the Alice framework. At step two, the
Court[ is] required to assess what else is in the claim, beyond the
abstract idea, in order to determine whether the additional elements
in the claim, either viewed independently or as an ordered
combination, transform the nature of the claim into a patent[]eligible application of the abstract idea. 35
With respect to computer functionality[-]based claims, like those at
issue here, the Federal Circuit has stated that such claims can
include an inventive concept where they provide a technological
solution to a technological problem. 36 At step two, for the role of
the computer to be meaningful in the context of the Section 101
analysis, it must involve more than the performance of well-understood[,] routine and conventional activities previously known
in the industry. 37
I will say that I think the step two question here was a difficult one
to resolve. Reasonable minds could disagree about how one
should come out. Let me explain, though, why I am determining
that the record indicates the presence of a factual dispute[ at] step
two sufficient to warrant denial of the Defendant’s motion.
At times in the briefing and in the Complaint, such as in
[p]aragraph 29 of the Complaint, Plaintiffs note that [the]
claim[ed] systems and[] methods amounted to a []novel[]
architecture for unearthing and addressing network intrusions. 38
And the Court must accept those allegations of novelty as true at
the pleading stage[.] [B]ut that alone would[ not] be enough to get
35 See Alice Corp. Pty. Ltd. v. CLS Bank Int’l, 573 U.S. 208, 217-18 (2014).
36 See Amdocs (Isr.) Ltd. v. Openet Telecom, Inc., 841 F.3d 1288, 1300-02 (Fed. Cir. 2016).
37 Content Extraction & Transmission LLC v. Wells Fargo Bank, Nat’l Ass’n, 776 F.3d 1343, 1347-48 (Fed. Cir. 2014).
38 (D.I. 1 at ¶ 29; see also D.I. 19 at 19-20)
Plaintiffs over the hump at step two. That[ is] because there[ is] a
difference between the concept of novelty and patent eligibility in
[federal] patent[ law]. The Federal Circuit[ has] explained that
whether a particular element or combination of elements is novel
does[ not] necessarily [go to] whether that element[ is] patent
eligible. 39 Put differently, as the Federal Circuit stated in []
Synopsys, Inc. v[.] Mentor Graphics [Corp.], a claim for a new
abstract idea is still an abstract idea. 40
Nor [in] the Court’s view is there any indication that any of the
remaining components of the representative claims, were they
standing alone, would amount to anything other than use of generic
computer components to perform well-known computer functions.
Claim 18, for example, utilizes sensors, a secure operation center
and at least one probe. But as the Defendant notes, the patent tells
us at [c]olumn 4 that any such technology utilizing those claim
elements[] was well known and commercially available. 41 So, the
use of these computer hardware[-]based limitations in the claims
do little more than spell out what it means to apply the abstract
idea on a computer. 42 Moreover, [claim 18’s] additional step of
analyzing post-filtering residue appears to make use of, according
to [c]olumn 8 of the patent, a type of well-known data
discrimination analysis. 43 And [c]laim 14’s reference to the use of
cross-probe correlation is not suggested on its own to be a new use
of computer technology.
That said, we also [know] from the Federal Circuit’s decision in
BASCOM that the claim[s’] use of an ordered combination of
otherwise known conventional elements can still amount to an
inventive concept in step two. 44 And in the Court’s view, there is
just enough in the record to render it plausible that the
39 Two-Way Media v. Comcast Cable Commc’ns, LLC, 874 F.3d 1329, 1339-40 (Fed. Cir. 2017); Intell. Ventures I LLC v. Symantec Corp., 838 F.3d 1307, 1315 (Fed. Cir. 2016).
40 Synopsys, Inc. v. Mentor Graphics Corp., 839 F.3d 1138, 1151 (Fed. Cir. 2016).
41 ('237 patent, col. 4:48-52)
42 See Intell. Ventures I LLC v. Cap. One Bank (USA), 792 F.3d 1363, 1370 (Fed. Cir. 2015).
43 ('237 patent, col. 8:57-58)
44 See generally BASCOM, 827 F.3d at 1349-50.
representative claims include[ an] inventive concept by way of
their use of an ordered combination of known elements in an
unconventional way[,] as part of the claim[ed] security [system and
methods].
Here, it[ is] the claim[s’] combination of the two-level review
process with the added more specific step of having the computer
probe th[e]n additionally analyze[] post-filtering residue[—p]lus,
in at least some dependent claims, the computer’s additional use of
data obtained from multiple probes[—]that could represent the
requisite ordered combination of elements.
Of course, one might say, as Defendant does, 45 that the claim[s’]
additional assessment of post-filtering residue or the correlation of
status data from multiple probes is just another way of piling the
use of one abstract idea on to another. In other words, one could
argue that the second post-filtering residue analysis step is just
another way of saying [“]analyze data[,”] or that the cross-probe
correlation step is just another way of saying [“]correlate data[.”
A]nd that both of those things are just additional ways to make use
of abstract ideas.
And one could also argue, as Defendant does, 46 that [the] claims
do not tell us any more about how the claim[ed] systems or
methods analyze post-filtering residue or how they correlate
information from different probes[—]such that the addition of
those other steps cannot provide an inventive concept[ here]. And
it[ is] true, the claims do[ not] provide this additional indication of
how the systems or methods do this particular work. Moreover,
they certainly do[ not] describe some further technical means for
performing these functions.
But the Court is not completely convinced that the way Defendant
is looking at these issues is the right way to do so for purposes of
[the Court’s] review here. A couple of cases from the Federal
Circuit convince the Court that this is so.
Particularly, one. And there the Court looks to the Federal
Circuit’s decision in SRI International, Inc. v[.] Cisco Systems,
Inc., 47 the case that Plaintiffs have identified as the most analogous
45 (D.I. 12 at 12-13)
46 (Id. at 12, 18)
47 SRI Int’l, Inc. v. Cisco Sys., Inc., 930 F.3d 1295 (Fed. Cir. 2019).
Federal Circuit opinion to this case. The Court agrees with
Plaintiffs that SRI, although it was decided at the step one stage[,]
not at step two, is very helpful to their argument here.
In SRI, the representative claim was to a computer-automated
method of hierarchical[] event monitoring and analysis within a
network. The claim[] performed this method by, first, deploying
more than one network monitor to detect suspicious activity based
on analysis of at least one of certain categories of network traffic[
data, s]econd, by having those monitors generate reports of
suspicious activity [a]nd, third, by having those reports be received
or integrated by one or more [hierarchical] monitors. 48
At step one, the SRI Court found that the claim was not simply
directed to the abstract idea of collecting and analyzing data. 49
This was even though the steps of the claim[] were fairly basic and
functional in the[ir] requirements[,] in that one aspect of it simply
required an [“]analysis of network traffic[ data” a]nd another
simply required that the monitors “generate[] reports[]” [a]nd a
third only said that the monitors must be “receiving and integrating
[the] reports,” nothing more. 50 Yet, the SRI Court did[ not]
conclude that this me[ant that] the claims were simply about
collecting and analyzing data.
Instead, in determining that the claims[] nevertheless[] were
directed to something more, the Court looked at the patent
specification. The specification explained that the claimed
invention solved weaknesses in conventional networks in order to
fix a technological problem and provide a “framework for the
recognition of more global threats [to] inter[]domain connectivity,
including coordinated attempts to infiltrate or destroy connectivity
across an entire network[ enterprise.]” 51 This was enough to
ensure the Court that the computers used in the claim were not
added simply “as a tool” to automate conventional activity, but
instead were claims that improved the functionality of the
computers and computer networks themselves. 52
48 Id. at 1301.
49 Id. at 1303-04.
50 Id. at 1301.
51 Id. at 1303-04 (internal quotation marks and citation omitted).
52 Id. at 1304.
The SRI Court came to this conclusion[] even though the claim did
not specify how the network monitors detected suspicious activity
or analyzed data [(]beyond the requirement that they use at least
one of the categories [of data] mentioned in the claim[)], or how
they generated reports of suspicious activity, or how they received
and integrated those reports. Despite this, SRI concluded that the
claims were directed to what i[t] called a “specific technique . . .
using a plurality of network monitors that each analyze[] specific
types of data on the net[work] and integrating reports from the
monitors[—]to solve a technological problem arising in computer
networks[: ] identifying hackers or potential intruders to the
network.” 53
Now, unlike in SRI, as I[ have] noted above, the patent[s’]
specification does[ not] say a lot about the claim[s’] additional use
of the probes to analyze post-filtering residue[,] or the claim[s’]
use of data f[rom] multiple probes and how[ (]when combined with
the two-level filtering analysis process[)] this might amount to an
unconventional use of computer technology. A[s] the Court
mentioned, there are some references in the specification to these
additional concepts in [c]olumns 2, 3 and 8, but they[ are] certainly
not highlighted or described in a really fulsome manner.
That said, the Complaint does fill in some of these blanks.
Paragraph 38 of the Complaint is particularly relevant[ here].
Therein, Plaintiffs state that the architecture of the patent was
“novel and unconventional[,” a]nd in explaining why that was so,
they cite to the [E]xaminer’s Notice of Allowability regarding the
'237 patent. 54 Therein, the [E]xaminer stated that, [t]ypically [in]
network security systems “all data is filtered by intrusion detection,
firewall, gateway, proxy, sensor, probe, or sentry or some other
type of device[,” ] such that if [“]an attack occurs, the data is
transmitted for further analysis.” 55 [But t]he [E]xaminer noted that
in such systems “[a]ll other data is usually blocked or
discarded[.]” 56 The Notice of Allowability also states that [“]prior
art does not disclose or suggest data [neither] discarded by []
53 Id. at 1303.
54 (D.I. 1 at ¶ 38)
55 (Id. (internal quotation marks and citation omitted))
56 (Id. (internal quotation marks and citation omitted))
negative or positive is the residue that is sent for further
analysis.[”] 57 The Court understands this to be an indication that
while it was conventional for intrusion detection systems to use a
filtering system like that described in the claims—that is, one that
filters status data into positive or negative categories to be either
further reviewed[ (]because it[ is] known to be threatening[)] or
otherwise discarded—those systems were not using probes to then
additionally further analyze data that fell somewhere in between
those two poles [(]or what the patents here describe as “residue”
data[)]. 58 Additionally, [p]aragraph 38 of the Complaint states that
the computer-based use of and correlation of data from different
probes was also “a significant improvement to existing computer
security technology at the time[]” [i]n that[] “previous
conventional security systems were constrained to pattern
matching at a single point in the network.” 59
So, as in SRI, here the record provides at least some[—]not a lot,
but at least some[—]factual support for the idea that the claims
could contain a specific solution to a problem faced in the
computer[] network security field, and that the solution is at least
significant[ly] [(]though not exclusively[)] rooted in computer
technology. That [is] so, as in SRI, even though the claims do[ not]
specify every detail of how the claimed systems in the patents
protect against network intrusion[.] And as in SRI, even though
the claims[,] looked at []one [way], [] might be said to simply be
about collecting[] and filtering and analyzing data[, i]t seems like
that may not be the right way to view [them] at step two. Instead,
it seems like the claims could be[ (]maybe should be[)] viewed, at
least at the pleading stage, as plausibly employing a “specific
technique” to assess status data[—]one that utilizes a partly
computerized, two-level filtering system[, and then] uses the
computerized probe to additionally assess residue data in
combination with that two-level system in a way that was[ not]
being done before. And that[] also, in some dependent claims[,]
makes use of data f[rom] multiple probes in a way that
computerized programs were[ not] doing[ before].
One last point about SRI. Defendant [notes] that one of the
justifications[ (]though not the only one[)] that the Federal Circuit
57 (U.S. Patent Application No. 09/766,343, Notice of Allowability at 4, ¶ 6 (cited in D.I. 1 at ¶ 38))
58 (D.I. 19 at 3)
59 (D.I. 1 at ¶ 38)
used in that case to support its decision[] was that the Court tended
to agree with the [p]laintiff that “the human mind is not equipped
to detect suspicious activity by using network monitors and
analyzing network packets as recited by the claims.” 60 And
Defendant contrasts that with the scenario here, arguing that it is
clear from the record that the human mind is equipped to do
everything that [c]laim 18 can do[,] in a similar way that a nonhuman could do[ it]. Obviously, some elements of [c]laim 18 do
involve a human analyst[. S]o it seems hard to dispute
Defendant’s contention as to those elements. But the claim does
have other elements[,] such as the probe’s use of positive and
negative filtering. Now, it may be the case that a human could
play that filtering role in a similar way to what the probe does
here[. But] I do[ not] have a great record to support that assertion[,
a]nd I can[not] wholly rely on the arguments of counsel on that
point. I[ am] not saying that a better record on this issue in and of
itself would make the difference in Defendant’s favor in [the]
case[-]dispositive stage of the case. All I[ am] saying is that if it
w[ould], that stage would be the right stage to fully assess the
record on that issue, not the pleading[] stage.
In addition to SRI, the representative claims here also do[ not]
seem all that different to the Court than the claims at issue in
Thales Visionix Inc. v[.] United States, another Federal Circuit
case. 61 Claim 22 in Thales was exemplary[,] and it was brief[]. In
two lines, it recited a method of determining an object’s orientation
based on the outputs of two inertial sensors that were mounted[,]
respectively[,] on the object[] and [a] moving reference [frame]. 62
The specification explained how conventional methods [for
tracking] an object’s motion were flawed, and that the patent’s
invention provided multiple advantages, including increased
accuracy[ and] the ability to operate without requiring hardware[,]
and simple installation. 63
[In] finding [at] step one [that] the claim and another representative
claim were not directed to the abstract idea of [“]using laws of
nature governing motion to track two objects[” t]he Federal Circuit
60 SRI Int’l, Inc., 930 F.3d at 1304.
61 Thales Visionix Inc. v. United States, 850 F.3d 1343 (Fed. Cir. 2017).
62 Id. at 1345.
63 Id.
noted that, instead, the “claims specify a particular configuration
of inertial sensors and a particular method of using the raw data
from the sensors in order to more accurately calculate the position
and orientation of an object on a moving platform.” 64 Now, the
Federal Circuit said this even though[,] like here, [c]laim 22 did
not specify how to determine the orientation of the object or what
process or formulas were used to do that. The claim just said that
[you do so] “based on” signals from their respective two sensors. 65
Nor d[id] the claims say how those sensors work[ed] to provide
signals. And the sensors used in Thales, like the probes and
sensors used here, were conventional in the art. 66
Nevertheless, it was enough for the Federal Circuit that the
configuration[] of the sensors was a “particular” one[ or] was used
in a “particular method” for collecting data. 67 In other words,
sufficient particularity was demonstrated by the fact that the
sensors were specified to be placed in two different positions[ (]an
object and a moving reference frame[)], so long as the patent or the
record helped make clear how that particular arrangement solved
the technological problem. Similarly, here, it[ is] at least plausible
that the claims at issue contain a similar level of particularity[—in]
that a probe is used to do positive and negative filtering, and then
is used a second time to assess residual status [data—a]nd th[at] in
certain claims[,] data from multiple [probes] is utilized. As noted
above, the record contains indication [that this ordered
combination] of steps[,] taken together with the rest of the
elements of the claims at issue, amounted to unconventional ways
to use computerized probes in order to solve a problem in
computer securit[y].
Lastly, the Court [notes] that the Supreme Court has stated [that]
the eligibility analysis is driven by the concern of preemption. 68
The preemption analysis in turn compels a Court to assess whether
64 Id. at 1346, 1349 (emphasis added).
65 Id. at 1345.
66 Id. at 1344-45.
67 Id. at 1349.
68 Alice Corp. Pty. Ltd., 573 U.S. at 216.
the claims at issue attempt to preempt every application[,] or at
least a great many applications[,] of the abstract at issue. 69
And, here, in the Court’s view, the record provides at least some
indication that the claims do[ not] preempt all [ways,] and perhaps
do[ not] even preempt very many [ways,] of “collecting, filtering,
analyzing[,] and transmitting data[,] and then making
modifications based on human feedback.” Paragraph 38 in the
Complaint tells us that one could simply collect and analyze status
data by [] using a positive and negative filter without[] also[ (]as
the claims do[)] then using the probe again to reassess residual data
that did[ not] fall into the positive or negative categories of the first
filtering stage. And it also tells us that one could collect, filter and
analyze data only by using one probe instead of[ (]as in certain
dependent claims here[)] by obtaining and correlating information
from multiple probes. The extent to which the claims do not
preempt the field of the abstract idea is a fact question, not
[amenable] to resolution at the Rule 12 stage, at least based on this
record.
So, for all these reasons, the Court denies Defendant’s motion at
step two of the Alice analysis[,] without prejudice to Defendant’s
ability to re-raise the issue at the case dispositive motion stage.
69 DDR Holdings, LLC v. Hotels.com, L.P., 773 F.3d 1245, 1259 (Fed. Cir. 2014).