StrikeForce Technologies, Inc. v. Gemalto, Inc. et al
Filing
54
Judge Richard G. Stearns: ORDER entered. CLAIM CONSTRUCTION MEMORANDUM AND ORDER. "The three sets of claim terms at issue will be construed for the jury and for all other purposes in a manner consistent with these rulings of the court."Associated Cases: 1:17-cv-10422-RGS, 1:17-cv-10423-RGS(RGS, int2)
UNITED STATES DISTRICT COURT
DISTRICT OF MASSACHUSETTS
CIVIL ACTION NO. 17-10422-RGS
STRIKEFORCE TECHNOLOGIES, INC.
v.
GEMALTO, INC., ET AL.
___
CIVIL ACTION NO. 17-10423-RGS
STRIKEFORCE TECHNOLOGIES, INC.
v.
VASCO DATA SECURITY, INC.
___
MEMORANDUM AND ORDER
ON PRE-DISCOVERY CLAIM CONSTRUCTION
August 31, 2017
STEARNS, D.J.
In these intellectual property disputes, plaintiff StrikeForce
Technologies, Inc., asserts infringement claims of U.S. Patents Nos.
8,484,698 (the ’698 patent) and 8,713,701 (the ’701 patent) against two
sets of defendants: Gemalto, Inc., Gemalto N.V., and SafeNet, Inc.
(collectively Gemalto); and Vasco Data Security, Inc. Given the similar
subject matter, the parties elected to consolidate pre-trial proceedings.
Accepting their proposal, the court bifurcated the Markman hearing and
agreed to undertake pre-discovery claim construction of three groups of
key disputed terms. See Markman v. Westview Instruments, Inc., 517
U.S. 370 (1996). The court received tutorials in the underlying technology
and heard argument on August 30, 2017.
THE ASSERTED PATENTS
Both the ’698 and ’701 patents are entitled “Multichannel Device
Utilizing a Centralized Out-of-Band Authentication System (COBAS).”
Both patents list Ram Pemmaraju as the sole inventor. The ’698 patent
was issued on July 9, 2013. The ’701 patent was issued on April 29, 2014.
The ’701 patent’s application is a continuation of the application that
led to the issuance of the ’698 patent. 1 Both patents are directed to “[a]
multichannel security system . . . for granting and denying access to a host
computer in response to a demand from an access-seeking individual and
computer.” ’698 patent, Abstract. According to the inventor, at the time
of
the
invention,
computer
security
“access
control
products
authenticate[d] only the user and not the location.” Id. col. 2, ll. 40-41.
The ’698 patent is a continuation of U.S. Patent No. 7,870,599 (the
’599 patent). The ’599 patent is a continuation-in-part of abandoned
application no. 09/655,297 (the ’297 application). All three issued patents
share virtually identical specifications. Because of the identicality, all
citations are to the ’698 patent specification.
1
2
Typically, access-control security products [such as simple
password, random password, and biometric systems] are inband authentication systems with the data and the
authentication information on the same network. Thus, upon
accessing a computer, a computer prompt requests that you
enter your password and, upon clearance, access is granted. In
this example, all information exchanged is on the same network
or in-band. The technical problem created thereby is that the
hacker is in a self-authenticating environment.
Id. col. 2, ll. 31-36. Dialing back to the originating modem was a feasible
means of location verification when computer networks could be accessed
only through modems. See id. col. 2, ll. 42-45. However, today’s computer
networks are typically accessible by modem-independent internet
connections and “there is no necessary connection between the internet
address and a location.” Id. col. 2, ll. 46-53.
The asserted patents address the perceived security weakness
through a “unique combination of user and host authentication.” Id. col.
4, ll. 34-35.
The security system of the present invention is out-of-band with
respect to the host computer and is configured to intercept
requests for access. The first step in controlling the incoming
access flow is a user authentication provided in response to
prompts for a user identification and password.
After
verification at the security system, the system operating in an
out-of-band mode, uses telephone dialup for location
authentication and user authentication via a password entered
using a telephone keypad.
3
Id. col. 4, ll. 34-42.
Figure 1A, reproduced below, exemplifies an
embodiment of the invention in a wide area network (WAN) environment.
Here the accessor is the computer equipment 22, including the
central processing unit and the operating system thereof, and the
person or user 24 whose voice is transmittable by the telephone
26 over telephone lines 28. The access network 30 is constructed
in such a manner that, when user 24 requests access to a web
page 32 located at a host computer or web server 34 through
computer 22, the request-for-access is diverted by a router 36
internal to the corporate network 38 to an out-of-band security
network 40. Authentication occurs in the out-of-band security
network 40.
4
Id. col. 6, ll. 33-43.
The patents also disclose embodiments in local area network (LAN)
and internet settings. The second embodiment is “applied to the intranet
in which an internal accessor in a local area network seeks entry into a
restricted portion of the host system.” Id. col. 5, ll. 46-48.
The access network 230 is constructed in such a manner that,
when user 224 requests access to a high security database 232
located at a host computer 234 through computer 222, the
request-for-access is diverted by a router 236 internal to the
corporate network 238 to an out-of-band security network 240.
Here the emphasis is upon right-to-know classifications within
an organization rather than on avoiding entry by hackers.
Id. col. 12, ll. 43-50; see also Fig. 10. “Th[e third] embodiment describes the
application of the security system to access over the Internet.” Id. col. 12, ll.
65-67.
The [is the] case of [a] user accessing a web application, such as
an online banking application, (located on a web server 334) over
the internet 330. The user from a computer 322 accesses the web
application over an access channel and enters their USER ID.
The web server 334 sends the USER ID to the security system
340, also referred to as the centralized out-of-band
authentication system (COBAS). COBAS 340 proceeds with
authenticating the user through the user’s cellular telephone over
an authentication channel. The security system 340 calls the
access-seeking user at the cellular telephone 326. The user
answers the phone and is prompted to enter a password for
password verification and to enter a biometric identifier, such as
a fingerprint. The security system 340 authenticates the user
and sends the result to the web server 334. Upon a positive
authentication and after disconnecting from the authentication
5
channel, access is granted along the access channel to the
USER’S PC device 322.
Id. col. 13, ll. 7-23; see also Fig. 11. 2
Claim 1 of each asserted patent is emblematic.
’698 patent claim 1.
A software method for employing a multichannel security
system to control access to a computer, comprising the steps of:
receiving at an interception device in a first channel a login
identification demand to access a host computer also in
the first channel;
verifying the login identification;
receiving at a security computer in a second channel the
demand for access and the login identification;
outputting from the security computer a prompt requesting
transmission of data;
receiving the transmitted data at the security computer;
comparing the transmitted data to predetermined data; and
depending on the comparison of the transmitted and the
predetermined data, outputting an instruction from the
security computer to the host computer to grant access to
the host computer or deny access thereto.
A fourth embodiment, illustrated by Figure 13, is largely equivalent
to the third embodiment, with the difference that it “describes the
application to wireless networks including peripherals, such as PDAs and
cellular telephones.” Id. col. 13, ll. 62-64.
6
2
’701 patent claim 1.
A security system for accessing a host computer comprising:
an access channel comprising:
an interception device for receiving a login identification
originating from an accessor for access to said host
computer; and
an authentication channel comprising:
a security computer for receiving from said interception
device said login identification and for communicating
access information to said host computer and for
communicating with a peripheral device of said
accessor;
a database having at least one peripheral address record
corresponding to said login identification;
a prompt mechanism for instructing said accessor to enter
predetermined data at and transmit said predetermined
data from said peripheral device; and
a comparator for authenticating access demands in
response to the transmission of said predetermined data
by verifying a match between said predetermined data
and said entered and transmitted data,
wherein said security computer outputs an instruction to the
host computer to either grant access thereto using said
access channel or to deny access thereto.
(Emphasis added to highlight disputed terms.)
For purposes of this
threshold Markman proceeding, the parties dispute the construction of
the terms “host computer,” “access channel” / “first channel” and
7
“authentication channel” / “second channel,” and “multichannel security
system” / “security system.” 3
DISCUSSION
Claim construction is a matter of law. See Markman, 517 U.S. at
388-389.
Claim terms are generally given the ordinary and customary
meaning that would be attributed by a person of ordinary skill in the art in
question at the time of the invention. Phillips v. AWH Corp., 415 F.3d
1303, 1312-1313 (Fed. Cir. 2005) (en banc) (citations omitted).
In
determining the understanding of this hypothetical person of ordinary
skill in the art, the court looks to the specification of the patent, its
prosecution history, and in those instances where appropriate, extrinsic
evidence such as dictionaries, treatises, or expert testimony. Id. at 13151317. Ultimately, “[t]he construction that stays true to the claim language
These three sets of claim terms, inter alia, were previously construed
in StrikeForce Techs. Inc. v. PhoneFactor Inc., 2015 WL 5708577 (D. Del.
Sept. 29, 2015). Because that case was not litigated to a final judgment, the
claim construction order has no preclusive effect. See Vargas-Colon v.
Fundacion Damas, Inc., 864 F.3d 14, 26 (1st Cir. 2017). In any event, the
Federal Circuit requires each district court to perform a claim analysis
independent of another court’s claim construction.
See Lexington
Luminance LLC v. Amazon.com Inc., 601 F. App’x 963, 969 (Fed. Cir. 2015).
3
8
and most naturally aligns with the patent’s description of the invention
will be, in the end, the correct construction.” Id. at 1316 (citation omitted).
“host computer”
The parties agree that a “host computer” is something “to which an
accessor is attempting to gain access.” However, they part company on
two particulars.
First, StrikeForce contends that, consistent with
instances where a user accesses a secure website on a web server or a
secure portion of a website, see ’698 patent, claim 3 (“wherein a host
computer is a web server”), a “host computer” may be “a computer or a
restricted portion thereof.” Defendants protest the inclusion of the phrase
“restricted portion.” As defendants see it, while the patentee certainly
knew how to describe a “restricted portion of the host system,” as he did
in explicating Figure 10, see id. col. 5, ll. 45-48; he nonetheless expressly
directed his claims simply to a “host computer.” Consequently, both the
“restricted portion” and the embodiment illustrated in Figure 10 are
excluded by the claims.
In the court’s view, defendants’ reading of the specification is much too
narrow. Although it is true that the “restricted portion” language was used
9
only in describing Figure 10, it is not a unique feature of that embodiment. 4
In all the embodiments of the patents, a user may attempt to access a specific
portion of a computer rather than the undivided system. Figure 1A, which
defendants concede discloses a covered embodiment, shows a user
attempting to access specific content in the form of a webpage “xyz.com”
– that is, a restricted portion of a computer – hosted on a web server. In
describing the details of this embodiment, the patents in numerous instances
recite a web server as an exemplar of a “host computer.” See id. Fig. 7 (block
numbered 34 is “host computer or web server or router;” id. col. 7, l. 36 (“host
computer or web server”); id. col. 8, ll. 41-42 (same); id. col. 8, l. 45 (same);
id. col. 9, ll. 25-26 (same); id. col. 12, l. 24 (same). Indeed, claim 40 of the
’698 patent expressly delineates a “host computer or web server.”
In
addition, the patentee used parallel language in describing access to the
webpage of the Figure 1 WAN embodiment as well as the secure database of
the Figure 10 LAN embodiment. Compare id. col. 6, ll. 38-39 (“user 24
requests access to a web page 32 located at a host computer or web server
Even if accessing a restricted portion of a host computer was unique
to the Figure 10 illustration, a construction that excludes a preferred
embodiment “is rarely, if ever, correct and would require highly persuasive
evidentiary support.” Vitronics Corp. v. Conceptronic, Inc., 90 F.3d 1576,
1583 (Fed. Cir. 1996).
4
10
34.”) with id. col. 12, ll. 44-46 (“user 224 requests access to a high security
database 232 located at a host computer 234 through computer 222.”). A
construction of a “host computer” must therefore, consistent with all the
embodiments, encompass seeking access to a restricted portion of a
computer.
Second, defendants maintain that a “host computer” is one to which
“no information from an accessor is allowed to enter unless access is granted
by the security computer.” Defendants offer several arguments in support of
the additional constraint. Because the purpose of the claims is to determine
whether a user is authorized to access the host computer, until the security
computer “output[s] an instruction . . . to the host computer to grant access,”
id. claim 1, the user is denied access to the host computer.
In the
specification, the patentee emphasized the interception feature of the
invention. See, e.g., id. col. 6, ll. 40-42 (“[T]he request-for-access is diverted
by a router 36 internal to the corporate network 38 to an out-of-band security
network 40.”). In like fashion, during the reexamination of the parent ’599
patent, the patentee distinguished prior art on the concept of interception.
See, e.g., Gabberty Decl., Defs.’ Ex. 20 at SF_1016 (“[T]he Walker patent
does not disclose intercepting a user’s (accessor’s) login prior to allowing the
user access to a host computer.”). According to defendants, because the login
11
information is diverted to the out-of-band security network, it follows that
no user information reaches the host computer unless and until the security
computer grants access.
StrikeForce counters, and the court agrees, that while the claims
require that a user is not granted access to the host computer until the
security computer gives permission, the user may have prior contact with
the host computer. As a threshold matter, how or when a user may contact
a host computer is not an attribute inherent in the “host computer” itself.
Nor did the patentee suggest that it is. It is the claimed components and
steps of the invention that control user authentication and access.
Although the majority of the claims of the asserted patents include an
interception limitation, 5 not all do. Claims 25 and 53 of the ’698 patent
Each claim of the ’599 parent patent recites an “interception means,”
“an intercepted demand for access,” or “an intercepted login identification”
limitation. It is therefore unsurprising that the patentee distinguished the
’599 claims from prior art on this ground (among others). Defendants also
cite the patentee’s argument made during the prosecution of the ’698 patent
to distinguish the Picket prior art, that to modify Picket to result in the
claimed invention would “require one of ordinary skill in the art to . . . find a
way to capture a user request for accessing a host computer.” Defs.’ Ex. 22
at SF_1617-1618. However, that argument was made in the context of thenpending claims 21-29, 35-44, 60-62, and 64-66, see id. at SF_1617, all of
which contained limitations either for an “interception device” (thenpending claims 21-29 and 35-44), or “a line program for intercepting a login
identification” (then-pending claims 60-62 and 64-66), see id. at SF_16041611. The patentee did not rely on the interception limitation as the sole
12
5
both recite a “host computer” but do not claim an interception device or
step. See Phillips, 415 F.3d at 1314 (“Because claim terms are normally used
consistently throughout the patent, the usage of a term in one claim can often
illuminate the meaning of the same term in other claims.”).
’698 patent claim 53.
A software method for employing a multichannel security
system to control access to a computer, comprising the steps of:
receiving in a first channel a login identification demand to
access a host computer also in the first channel;
verifying the login identification;
receiving at a security computer in a second channel the
demand for access and the login identification;
differentiating characteristic. The patentee in the same Office Action Reply
distinguished Picket on several other grounds, notably that
the system described in Picket is one in which a user already has
permission to access a website (i.e. a web server, which is a type
of “host computer”) to make a credit card purchase. Thus, Picket
does not involve the step of “outputting an instruction from the
security computer to the host computer to grant access to the
host computer or deny access thereto” . . . .
Id. at SF_1617. The patentee also noted that at the time of the invention a
person of ordinary skill in the art would not have had the motivation to
modify Picket to arrive at the claimed invention as “[s]uch a modified system
would add an additional layer of authentication that is needed by the system
disclosed in Picket, and would make the system . . . overly complicated and
more expensive to implement, maintain, and operate, and more
cumbersome to the user.” Id.
13
outputting from the security computer a prompt requesting a
transmission of data;
receiving the transmitted data at the security computer;
comparing the transmitted data to predetermined data; and
depending on the comparison of the transmitted and the
predetermined data, outputting an instruction from the
security computer to the host computer to grant access to
the host computer or deny access thereto.
Unlike claims that recite an interception device or step, claim 53 does not
identify a specific component that must receive the login information in
the first channel. 6 Without such a limitation, claim 53 is broad enough to
encompass methods whereby the host computer itself receives the login
information before relaying it to the security computer. Indeed, this is
disclosed in both the third and fourth embodiments of the patent. “The
user from a computer 322 accesses the web application over an access
channel and enters their USER ID. The web server 334 sends the USER ID
to the security system 340, also referred to as the centralized out-of-band
authentication system (COBAS).” Id. col. 13, ll. 9-13 (emphasis added); see
Likewise, claim 25, directed to “[a] software method for controlling
access to a host computer,” includes the step of “receiving an identification
and first password from the client computer” without specifying an
interception device or step.
14
6
also id. col 14, ll. 7-10. Figure 11, which illustrates the third embodiment, is
reproduced below.7, 8
Because diverting the user login information is a function of an
interception device or step, and not a function of the host computer, the
court will not read the diversion requirement into the term “host
computer.” See Ventana Med. Sys., Inc. v. Biogenex Labs., Inc., 473 F.3d
1173, 1181 (Fed. Cir. 2006) (“When the claim addresses only some of the
features disclosed in the specification, it is improper to limit the claim to
other, unclaimed features.”). “Host computer” will therefore be construed
Figure 13 illustrates the fourth embodiment. When the patentee
amended the application to add what became issued claim 53 (then pending
claim 74), he noted that it was supported, inter alia, by Figures 1A, 11, and
13. Defs.’s Ex. 22 at SF_1615.
7
StrikeForce also notes that, even in the context of the Figure 1A
embodiment, the user initially contacts the host computer to request access,
and the “entry of the user identification and password [] is requested by the
host computer.” ’698 patent, col. 9, ll. 29-31.
15
8
as “a computer (or a restricted portion thereof) to which the accessor is
attempting to gain access.”
“access channel” / “first channel” & “authentication channel” /
“second channel”
In essence this is a dispute over the meaning of the term “out-ofband.” Although the term “out-of-band” does not appear in any claim, it
figures prominently in the title of the patents and the written description.
Unlike prior art “in-band authentication systems with the data and the
authentication information on the same network,” ’698 patent, col. 2, ll. 3334, “[t]he security system of the present invention is out-of-band with
respect to the host computer,” id. col. 4, ll. 34-35.
It is an object of the present invention to provide a host computer
with a cost effective, out-of-band security network that combines
high security and tokenless operation. It is a further object of the
present invention to provide a network to isolate the
authentication protocol of a computer system from the access
channel therefor.
Id. col. 4, ll. 52-57. “[A]n ‘out-of-band’ system is defined herein as one having
an authentication channel that is separated from the information channel.”
Id. col. 6, ll. 19-20.
Consistent with the specification, the parties agree that the “access
channel” or “first channel” is “an information channel,” that the
“authentication channel” or “second channel” is “a channel for performing
16
authentication,” and that the two channels are separate in the sense that
the authentication channel is “out-of-band.” They dispute, however, the
degree of separation required for a channel to be “out-of-band.”
StrikeForce argues that information in the two channels may be “carried
over separate facilities, frequency channels, or time slots than those used
by the authentication channel/second channel.” Defendants maintain that
the two channels must “not share any facility.”
In support of its position, StrikeForce notes that its understanding
of “out-of-band” is a meaning accepted by persons of ordinary skill in the
art, demonstrated by the standard definition for “out-of-band signaling”
contained in Newton’s Telecom Dictionary. See Pl.’s Ex. 8. In addition,
StrikeForce’s proposed definition is also explicitly recited in the
specification of the patents.
For purposes of this discussion “in-band” operation is defined as
one conducted wholly within a single channel or loop. Likewise,
an “out-of-band” operation is defined as one using an
authentication channel that is separated from the channel
carrying the information and therefore is nonintrusive as it is
carried over separate facilities, frequency channels, or time slots
than those used for actual information transfer.
Id. col. 3, ll. 12-19.
Defendants point out that the broader “out-of-band” definition
relied on by StrikeForce is set out in the BACKGROUND section of the
17
specification discussing and disparaging prior art, and does not describe
the patented invention. With respect to the invention itself, defendants
contend, and the court agrees, that the patentee acted as his own
lexicographer in adopting a narrower definition. See Thorner v. Sony
Computer Entm’t Am. LLC, 669 F.3d 1362, 1365 (Fed. Cir. 2012) (“To act as
its own lexicographer, a patentee must ‘clearly set forth a definition of the
disputed claim term’ other than its plain and ordinary meaning.” (citation
omitted)). “[A]n ‘out-of-band’ system is defined herein as one having an
authentication channel that is separated from the information channel and
therefore is nonintrusive as it is carried over separate facilities than those
used for actual information transfer.” ’698 patent, col. 6, ll. 19-23 (emphasis
added).
This understanding is also the one that was relied upon by the patentee
during prosecution. During prosecution of the ’297 application, the patentee
distinguished the Tuai prior art on the in-band/out-of-band distinction.
Tuai disclosed a “controller 15 [] interconnected between the host computer
10 and the modem 12,” U.S. Patent 5,153,918, col. 4, ll. 2-3, and that “the
capabilities of the central access controller 15 also include the optional callback measure to enhance the security of the communication system,” id. col.
8, ll. 3-5. The patentee argued that the central controller was “in-band” and
18
while it performs either an access or an authentication function at different
times, “an in-band call back device operating after verification is not an outof-band device which is integral in providing verification.” Defs.’ Ex. 15 at
SF_714.
Similarly, during the prosecution of the ’599 parent patent, the
patentee distinguished the LaDue prior art, which disclosed “logically
defined control channels,” U.S. Patent No. 6,088,431, col. 8, l. 47, including
an “authentication channel,” id. col. 8, ll. 52-53. The patentee argued that
the logically defined channels would not, in combination with Tuai, motivate
the patented invention because the claimed system involved “the extra step
of . . . adding a completely separate authentication channel.” Defs.’ Ex. 16 at
SF_121.
Finally, during the reexamination of the ’599 parent patent, the
patentee summarized his invention as “an ‘out-of-band’ network security
system having an authentication channel that is separated from an
information (i.e. ‘access’) channel and therefore is noninstrusive as the
authentication channel is carried over separate facilities than those used for
actual information transfer.” Defs.’ Ex. 19 at SF_994. In support of the same
reexamination, the patentee also submitted an expert declaration
distinguishing the Woodhill prior art, inter alia, as not disclosing “an out-of19
band authentication channel that is separate from an access channel,”
because although Woodhill disclosed two channels, “both access and
authentication merge in the same network (like the Internet).” Gabberty
Decl., Defs.’ Ex. 20 at SF_1017.
In light of the specification’s clear and consistent definition (as
reflected in the prosecution history), StrikeForce’s rebuttal arguments fail.
StrikeForce insists that because the patents require communication between
the access and authentication channels, see, e.g., ’698 patent, claim 2 (“the
security computer receives the demand and login identification from the
interception device”), the two channels necessarily share facilities. However,
that a security computer may receive data from two channels does not place
the security system into both channels.
Claim 1, upon which claim 2
depends, is clear that while the “interception device [is] in a first channel,”
the “security computer [is] in a second channel.”
StrikeForce also suggests that weight should to be accorded to the
dropping of a narrower interpretation of “out-of-band” that appeared in the
abandoned ’297 application from the issued patents.
See MPHJ Tech.
Investments, LLC v. Ricoh Americas Corp., 847 F.3d 1363, 1369 (Fed. Cir.
2017) (“[I]t is the deletion from the ’798 Provisional application that
contributes understanding of the intended scope of the final application.”).
20
During the prosecution of the ’297 application, the patentee inserted in the
specification the admonition that “[a]n ‘out-of-band’ operation is defined
herein as one conducted without reference to the host computer or any
database in the network.” Defs.’ Ex. 13 at SF_657. The “without reference”
sentence was removed from the specification when the patentee submitted
the applications for the subsequently issued patents.
In MPHJ, the Court found the deletion of the provisional application
step significant because “[t]he ’173 Patent in its final form contains no
statement or suggestion of an intent to limit the claims to the deleted onestep operation.” 847 F.3d at 1369. In contrast, while the admonitory
language does not appear verbatim in the patents at issue here, the
specification continues to emphasize the physical independence of the
authentication channel from the access channel. See ’698 patent, col. 6, ll.
44-47 (“This is in contradistinction to present authentication processes as
the out-of-band security network 40 is isolated from the corporate network
38 and does not depend thereon for validating data.”); id. col. 12, ll. 58-61
(“This is in contradistinction to present authentication processes as the outof-band security network 240 is isolated from the corporate network 238 and
does not depend thereon for validating data.”); id. col. 14, ll. 4-7 (“The
security system 420 has two distinct and independent channels of operation,
21
namely, the access channel and the authentication channel.”). The persistent
emphasis on “isolat[ing]” the “distinct and independent” authentication
channel from the access channel in all the disclosed embodiments also
traverses StrikeForce’s contention that the narrower definition was only
descriptive of the Figure 1A WAN embodiment and not of the invention as a
whole.9
Consistent with the patentee’s own definition and use of the term “outof-band” in the specification and the prosecution history, the court will
construe “access channel” / “first channel” as “an information channel that
is separate from and does not share any facility with the authentication
channel;” and “authentication channel” / “second channel” as “a channel for
performing authentication that is separate from and does not share any
facilities with the access channel.”
StrikeForce additionally asserts that during the prosecution of the
’297 application the patentee struck a bargain with the patent examiner and
accepted the proposal to incorporate the broader Newton’s definition.
Although the patentee noted that his own definition is “consistent” with
Newton’s, ’698 patent, col. 6, l. 18-19, he only accepted Newton’s definition
to the extent that the “agreeable portion of the definition is used.” Pl.’s Ex. 9
at SF_711. There is no evidence anywhere in the intrinsic record that the
patentee ever accepted the “frequency channels” or “time slots” aspect of the
definition as applied to his own invention.
9
22
“multichannel security system” / “security system”
The terms “multichannel security system” and “security system”
appear in the preamble of all but one of the independent claims. 10
Defendants contend that these terms are limiting, arguing that they should
be construed as “a system that operates without reference to a host
computer or any database in a network that includes the host computer.”
StrikeForce maintains that the terms are not limiting, but proposes in the
alternative the following construction: “a security system including an
access/first channel and an authentication/second channel.”
Defendants’ proposed construction incorporates the language that
was removed from the ’297 application. Although defendants accurately
note that during prosecution the patentee distinguished prior art based on
the multichannel/out-of-band nature of the claimed invention, see
Catalina Mktg. Int’l, Inc. v. Coolsavings.com, Inc., 289 F.3d 801, 808 (Fed.
Cir. 2002) (“[C]lear reliance on the preamble during prosecution to
distinguish the claimed invention from the prior art transforms the preamble
into a claim limitation because such reliance indicates use of the preamble to
define, in part, the claimed invention.”), the court agrees with StrikeForce
that the claim elements set out the comprehensive constituent components
10
Claim 25 of the ’698 claim does not recite a security system.
23
or steps of the claimed systems and methods independent of the disputed
preamble terms, see id. at 808 (“[A] preamble is not limiting ‘where a
patentee defines a structurally complete invention in the claim body and uses
the preamble only to state a purpose or intended use for the invention.’”
(citation omitted)). That the claimed systems or methods are “out-of-band”
is already captured by the incorporation of that requirement in the
construction of the access and authentication channels.11 Inserting the same
limitation into the preamble but using different words is both redundant and
confusing. See O2 Micro Intern. Ltd. v. Beyond Innovation Tech. Co., 521
F.3d 1351, 1362 (Fed. Cir. 2008), quoting U.S. Surgical Corp. v. Ethicon,
Inc., 103 F.3d 1554, 1568 (Fed. Cir. 1997) (The purpose of claim construction
is to “clarify,” “not an obligatory exercise in redundancy.”). Thus, the court
will not construe the preamble’s recitation of a “multichannel security
system” / “security system” as a claim limitation.
The two channel limitations appear in each claim that recites a
“multichannel security system” or “security system.”
24
11
ORDER
The three sets of claim terms at issue will be construed for the jury
and for all other purposes in a manner consistent with these rulings of the
court.
SO ORDERED.
/s/ Richard G. Stearns
_________________________
UNITED STATES DISTRICT JUDGE
25
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?