CUPP Cybersecurity LLC et al v. Trend Micro, Inc. et al
Filing
151
CLAIM CONSTRUCTION MEMORANDUM OPINION AND ORDER: The parties are ORDERED not to refer, directly or indirectly, to each other's claim construction positions in the presence of the jury. Likewise, the parties are ORDERED to refrain from mentioning any portion of this opinion, other than the actual definitions adopted by the Court, in the presence of the jury. Any reference to claim construction proceedings is limited to informing the jury of the definitions adopted by the Court. (Ordered by Chief Judge Barbara M. G. Lynn on 12/10/2021) (mla)
<![CDATA[
IN THE UNITED STATES DISTRICT COURT
FOR THE NORTHERN DISTRICT OF TEXAS
DALLAS DIVISION
CUPP CYBERSECURITY, LLC, and CUPP
COMPUTING AS,
§
§
§
§
§
§
§
§
§
§
§
§
§
Plaintiffs,
v.
TREND MICRO, INC., TREND MICRO
AMERICA, INC., and TREND MICRO
INCORPORATED,
Defendants.
Civil Action No. 3:18-cv-1251-M
(Consolidated with
Civil Action No. 3:20-cv-03206-M)
CLAIM CONSTRUCTION MEMORANDUM OPINION AND ORDER
This Order addresses the claim construction disputes presented by Plaintiffs CUPP
Cybersecurity, LLC, and CUPP Computing AS, and Defendants Trend Micro, Inc., Trend Micro
America, Inc., and Trend Micro Incorporated, in CUPP Cybersecurity LLC v. Trend Micro Inc.,
Case No. 3:20-cv-03206-M. 1 The parties submitted opening and responsive claim construction
briefs, and on November 8, 2021, the Court held a claim construction hearing. Having
considered the arguments and evidence presented by the parties, the Court issues this Order.
I.
BACKGROUND
Plaintiffs CUPP Cybersecurity, LLC and CUPP Computing AS (together, “CUPP”) are
security providers for mobile devices, and have “a robust portfolio of inventions related to, inter
alia, mobile devices and removable media, and has invested millions in pioneering new forms of
security for these devices. CUPP’s inventions cover software and hardware based solutions to
1
On November 1, 2021, CUPP Cybersecurity LLC v. Trend Micro Inc., Case No. 3:18-cv-01251-M (“CUPP1”)
was consolidated with CUPP Cybersecurity LLC v. Trend Micro Inc., Case No. 3:20-cv-03206-M (“CUPP2”). This
Order addresses claim construction disputes presented in CUPP2 prior to consolidation. The Court has already
issued a separate order discussing the claim construction disputes presented in CUPP1. See ECF No. 150.
1
problems in mobile device management, network security, DMZ security, and endpoint
security.” Am. Compl. (CUPP2 ECF No. 41 2) ¶ 8. Defendants Trend Micro, Inc., Trend Micro
America, Inc., and Trend Micro Incorporated (together, “Trend Micro”) make a number of
products falling into several categories: user protection products (e.g., Smart Protection
Complete Suit), network defense products (e.g., Advance Threat Protection and Intrusion
Protection), hybrid cloud security products (e.g., Deep Security), worry-free products (e.g.,
Worry-Free Standard), mobile security technology products (e.g., Dr. Safety), control manager
technology, XGen security technology, smart protection network technology, and XDR and
managed XDR technology. Id. ¶¶ 43–54.
CUPP alleges that Trend Micro’s products infringe nine of CUPP’s patents: U.S. Patent
No. 10,417,400 (the “’400 patent”); U.S. Patent No. 10,089,462 (the “’462 patent”); U.S. Patent
No. 10,417,421 (the “’421 patent”); U.S. Patent No. 10,621,344 (the “’344 patent”); U.S. Patent
No. 10,291,656 (the “’656 patent”); U.S. Patent No. 10,666,688 (the “’688 patent”); U.S. Patent
No. 10,162,975 (the “’975 patent”); U.S. Patent No. 10,496,834 (the “’834 patent”); U.S. Patent
No. 10,951,632 (the “’632 patent”). The parties identify one agreed construction and four
disputed terms for the Court’s resolution. The patents containing disputed terms are discussed
below.
a. The ’688 and ’656 patents.
Both the ’688 and ’656 patents are titled “Systems and methods for providing network
security using a secure digital device.” The ’688 patent is a continuation of the ’656 patent and
shares the same specification. The parties agree that the ’688 patent is representative of the ’656
patent for purposes of claim construction.
2
Citations to “CUPP2 ECF” refer to the docket in CUPP Cybersecurity LLC v. Trend Micro Inc., Case No. 3:20-cv03206-M.
2
Trend Micro describes the ’688 patent as broadly disclosing “a mechanism for
intercepting network traffic, analyzing the data in the network traffic to determine if the data is
malicious, and allowing the network traffic to proceed on its original course if the data is
determined not to be malicious.” Resp. (CUPP2 ECF No. 66) at 7. Specifically, the ’688 and
’656 patents describe a security system that can intercept network traffic of a host device, a
traffic virtualization module to generate a virtual file containing the intercepted network traffic,
and modules for enforcing security policies on the network traffic. Br. (CUPP2 ECF No. 62)
at 7. The parties dispute two claim terms appearing in the ’688 and ’656 patents, both of which
appear in claim 1 of the ’688 patent, which claims:
1. A secure digital security system comprising:
a data store;
a file management module configured to receive a transfer file from a host
device over a virtual file interface configured to assist in transferring data at file
transfer speeds between the host device and the secure digital security system,
the transfer file possibly containing a data store command or a virtual file
containing network traffic intercepted at the host device, the transfer file
including header information indicating whether the transfer file includes the
data store command or the virtual file containing the network traffic, the
network traffic including one of incoming network traffic to the host device or
outgoing network traffic from the host device, the data store command
including a particular command to retrieve or store data in the data store;
a controller configured to manage the data store command by retrieving or
storing the data in the data store;
a security policy management module configured to evaluate the network traffic
in the virtual file for compliance with a security policy;
a traffic access determination module configured to generate a security
indication whether to allow or to deny the network traffic in accordance with
the evaluation; and
a module configured to provide to the host device over the virtual file interface
the security indication whether to allow or to deny the network traffic.
’688 patent, cl.1.
3
b. The ’975 and ’834 patents.
Both the ’975 and ’834 patents are titled “Secure computing system.” The ’834 patent is
a continuation of the ’975 patent, and shares the same specification. The parties agree that the
’975 patent is representative of the ’834 patent for purposes of claim construction. The parties
dispute one term in the ’975 and ’834 patents.
The ’975 patent is directed towards a computer system with multiple security levels,
based, in part, on three independent “security aspects”: confidentiality, integrity, and availability.
’975 patent, at 1:62–65. The computer system described by the ’975 patent has multiple security
levels, comprising high-power and low-power processing devices, and an interface unit
comprising functions for moving classified information between the devices according to formal
rules governing the security aspects of confidentiality and/or integrity. Id. at 6:29–39. Claim 1
of the ’975 patent recites:
1. A system comprising:
a virtual machine engine for generating one or more virtual machines, each
virtual machine being generated having a virtual machine confidentiality level
and a virtual machine integrity level, the virtual machine confidentiality level
being selected from at least a higher confidentiality level and a lower
confidentiality level, the virtual machine integrity level being selected from at
least a higher integrity level and a lower integrity level, a first virtual machine
with the higher confidentiality level requiring a stronger confidentiality process
than a second virtual machine with the lower confidentiality level, a third virtual
machine with the higher integrity level requiring a stronger integrity process
than a fourth virtual machine with the lower integrity level;
a first program;
a second program;
a first datastore or data set associated with a first data confidentiality level and
a first data integrity level;
a second datastore or data set associated with a second data confidentiality level
and a second data integrity level;
4
at least one hardware processor configured to:
receive a request to use the first program;
execute a particular virtual machine with a particular virtual machine
confidentiality level and a particular virtual machine integrity level;
use a particular confidentiality process and a particular integrity process
before or while operating the first program by the particular virtual machine,
the particular confidentiality process being associated with the particular
virtual machine confidentiality level, the particular integrity process being
associated with the particular virtual machine integrity level;
allow the first program to read the first data set or from the first datastore,
only if the first data confidentiality level is equal to or lower than the
particular virtual machine confidentiality level, and only if the first data
integrity level is equal to or higher than the particular virtual machine
integrity level; and
allow the first program to write to the first datastore or data set, only if the
first data confidentiality level is equal to or higher than the particular virtual
machine confidentiality level, and only if the first data integrity level is
equal to or lower than the particular virtual machine integrity level.
’975 patent, cl.1.
c. The ’400 patent.
The ’400 patent is titled “Systems and methods for providing real time security and
access monitoring of a removable media device.” The “400 patent describes systems and
methods to provide data and device security in connection with a removable media device
coupled to a media device. The abstract of the ’400 patent states:
In various embodiments, a method comprises detecting a removable media device
coupled to a digital device, authenticating a password to access the removable
media device, injecting redirection code into the digital device, intercepting, with
the redirection code, a request for data, determining to allow the request for data
based on a security policy, and providing the data based on the determination. The
method may further comprise selecting the security policy from a plurality of
security policies based, at least in part, on the password and/or filtering the content
of the requested data. Filtering the content may comprise scanning the data for
malware. Filtering the content may also comprise scanning the data for confidential
information.
5
’400 patent, Abstract.
The parties dispute the meaning of one claim term in claim 9 of the ’400 patent, which
reads:
9. A system comprising:
an operating system of a digital device configured to detect a removable media
device being coupled to an external device port of the digital device;
one or more processors;
memory coupled to the one or more processors, the memory storing instructions
to instruct the one or more processors to implement:
a login module configured to cause, after detecting the removable media
device being coupled to the external device port of the digital device, at least
a portion of redirection code to be generated on the digital device, the
redirection code including an interceptor, a data security policy, and a data
security process, the interceptor configured to intercept a first function call
to the operating system of the digital device before the first function call is
executed by the operating system, the first function call including a request
of the operating system to retrieve data from or write data to the removable
media device, the first function call being initiated by a particular user or a
particular application, the data security process configured to perform a set
of one or more second function calls in response to intercepting the first
function call, the set of one or more second function calls not including the
first function call, the data security policy configured to evaluate data on the
removable security device for malware, and the data security policy
configured to determine whether to allow the first function call based at
least on results of the data security process.
’400 patent, cl. 9.
II.
LEGAL PRINCIPLES
A.
General Principles of Claim Construction
The construction of disputed claims is a question of law for the court. Markman v.
Westview Instruments, Inc., 52 F.3d 967, 971–72 (Fed. Cir. 1995), aff’d, 517 U.S. 370 (1996).
“Ultimately, the interpretation to be given a term can only be determined and confirmed with a
full understanding of what the inventors actually invented and intended to envelop with the
6
claim.” Phillips v. AWH Corp., 415 F.3d 1303, 1316 (Fed. Cir. 2005) (en banc) (citation
omitted). Accordingly, a proper construction “stays true to the claim language and most
naturally aligns with the patent’s description of the invention.” Id. (citation omitted).
“It is a ‘bedrock principle’ of patent law that ‘the claims of a patent define the invention
to which the patentee is entitled the right to exclude.’” Phillips, 415 F.3d at 1312 (quoting
Innova/Pure Water, Inc. v. Safari Water Filtration Sys., Inc., 381 F.3d 1111, 1115 (Fed. Cir.
2004)). Courts first “look to the words of the claims themselves . . . to define the scope of the
patented invention.” Vitronics Corp. v. Conceptronic, Inc., 90 F.3d 1576, 1582 (Fed. Cir. 1996)
(citation omitted). The claim terms are “generally given their ordinary and customary meaning,”
but “a patentee may choose to be his own lexicographer and use terms in a manner other than
their ordinary meaning, as long as the special definition of the term is clearly stated in the patent
specification or file history.” Id. (citation omitted). The “ordinary and customary meaning” of
the terms in a claim is “the meaning that the term[s] would have to a person of ordinary skill in
the art in question at the time of the invention.” Phillips, 415 F.3d at 1313.
When the meaning of a term to a person of ordinary skill in the art is not apparent, a court
is required to consult other sources, including “the words of the claims themselves, the remainder
of the specification, the prosecution history, extrinsic evidence concerning relevant scientific
principles, the meaning of technical terms, and the state of the art.” Id. (citation omitted). A
court must consider the context in which the term is used in an asserted claim or related claims in
the patent, being mindful that “the person of ordinary skill in the art is deemed to read the claim
term not only in the context of the particular claim in which the disputed term appears, but in the
context of the entire patent, including the specification.” Id. The specification is “always highly
relevant to the claim construction analysis” and is “the single best guide to the meaning of a
7
disputed term.” Id. at 1315 (quoting Vitronics, 90 F.3d at 1582). For example, should the
specification reveal that a claim term has been given a special definition by the patentee that is
different from the ordinary meaning of the term, the inventor’s lexicography is controlling. Id. at
1316. Furthermore, if the specification reveals an intentional disclaimer or disavowal of claim
scope by the patentee, the claim scope dictated by the specification is controlling. Id.
Finally, in construing claims, a court may consult extrinsic evidence, including “expert
and inventor testimony, dictionaries, and learned treatises.” Phillips, 415 F.3d at 1317 (citing
Markman, 52 F.3d at 980). Technical dictionaries may assist a court in “‘better understand[ing]
the underlying technology’ and the way in which one of skill in the art might use the claim
terms.” Id. at 1318 (quoting Vitronics, 90 F.3d at 1584 n.6). Expert testimony may also be
helpful to “provide background on the technology at issue, to explain how an invention works, to
ensure that the court’s understanding of the technical aspects of the patent is consistent with that
of a person of skill in the art, or to establish that a particular term in the patent or the prior art has
a particular meaning in the pertinent field.” Id. (citation omitted).
Although extrinsic evidence may “shed useful light on the relevant art,” it is considered
“less significant than the intrinsic record.” Id. at 1317 (quoting C.R. Bard, Inc. v. U.S. Surgical
Corp., 388 F.3d 858, 862 (Fed. Cir. 2004)). More simply, “extrinsic evidence may be useful to
the court, but it is unlikely to result in a reliable interpretation of patent claim scope unless
considered in the context of the intrinsic evidence.” Id. at 1319. Accordingly, “a court should
discount any expert testimony ‘that is clearly at odds with the claim construction mandated by
the claims themselves, the written description, and the prosecution history, in other words, with
the written record of the patent.’” Id. at 1318 (quoting Key Pharms. v. Hercon Labs. Corp., 161
F.3d 709, 716 (Fed. Cir. 1998)).
8
III.
AGREED CONSTRUCTION
The parties have agreed to the following construction set forth in their Joint Claim
Construction Chart (CUPP2, ECF No. 68):
Term
“power management mode”
• ’632 patent, claims 1, 16
IV.
Agreed Construction
A mode where the mobile device conserves power
CONSTRUCTION OF DISPUTED TERMS
A.
“file transfer speeds”
Disputed Term
“file transfer speeds”
• ’688 patent, claims 1, 6
• ’656 patent, claims 1, 10
CUPP’s Proposed
Construction
Plain and ordinary
meaning.
Trend Micro’s
Proposed Construction
Indefinite
The Parties’ Positions
CUPP argues that “file transfer speeds” should be construed according to its plain and
ordinary meaning, because a POSITA would know, based on the specification and prosecution
history, that this term means “the speed a file is transferred.” Reply (ECF No. 69) at 5.
According to CUPP, the speed a file is transferred would depend on the particular device at
issue. CUPP further argues that in the context of the specification, this term means “the speed
that does not cause errors or timeouts in the underlying computer system.” Id. at 6. For support,
CUPP points to the declaration and deposition testimony of its expert, Dr. Goodrich, as well as a
dictionary definition defining “file transfer” as “[t]he process of moving or transmitting a file
from one location to another, as between two programs or over a network.” CUPP App. Vols. I,
II (ECF Nos. 63, 64) at Pltf. App. 137, 156, 315.
Trend Micro argues that the term “file transfer speeds” as it appears in the claims of the
’688 and ’656 patents is indefinite, because the claims, specifications, and file histories do not
9
inform a POSITA about the scope of the invention with reasonable certainty. Trend Micro notes
that both sides’ experts agree that “file transfer speed” is not a term of art, and that the only
guidance regarding the meaning of “file transfer speeds” is from the following passage of the
specification:
Portable electronic devices, such as Android® smartphones and tablet devices,
often use secure digital (SD) devices, e.g., SD cards, to store and retrieve files and
other data. Secure digital devices typically do not support network traffic for host
devices, or at best only support network traffic at transfer speeds that are
unreasonably slow (e.g., 100’s kb/s), especially compared to the file transfer
speeds of these secure storage devices (e.g., 10’s MB/s).
’688 patent, at 4:2–6 (emphasis added).
Based on this passage, Trend Micro states a POSITA would only know that “10’s MB/s”
would qualify as a file transfer speed, but “100’s kb/s” would not. Without additional data points
or information, the specification does not provide reasonable certainty about the bounds of the
claim—i.e., what would qualify as “file transfer speeds” capable of satisfying the claim. Trend
Micro further argues that to adopt CUPP’s proposal would effectively read out the requirement
in the claims that the files in question be transferred at “file transfer speeds.” According to
Trend Micro, CUPP’s proposed construction renders this limitation meaningless, because it
would permit any speed at which a file is transferred to qualify as a “file transfer speed,” making
the claim language superfluous.
Analysis
The issue presented is whether, based on the specification and prosecution history, claims
1 and 6 of the ’688 patent, and claims 1 and 10 of the ’656 patent are indefinite because the term
“file transfer speeds” used in those claims fails to inform a POSITA about the scope of the
claimed invention with reasonable certainty. The Court concludes that the term “file transfer
speeds” is indefinite.
10
Title 35, § 112(b) of the United States Code requires that a patent specification shall
“conclude with one or more claims particularly pointing out and distinctly claiming the subject
matter which the inventor or a joint inventor regards as the invention.” The Supreme Court has
held this definiteness provision “to require that a patent’s claims, viewed in light of the
specification and prosecution history, inform those skilled in the art about the scope of the
invention with reasonable certainty.” Nautilus, Inc. v. Biosig Instruments, Inc., 572 U.S. 898,
910 (2014). “The claims, when read in light of the specification and the prosecution history,
must provide objective boundaries for those of skill in the art.” Interval Licensing LLC v. AOL,
Inc., 766 F.3d 1364, 1371 (Fed. Cir. 2014). If a claim does not satisfy these requirements, it is
invalid as indefinite under § 112. Nautilus, 572 U.S. at 901. “[I]ndefiniteness is a question of
law and in effect part of claim construction.” ePlus, Inc. v. Lawson Software, Inc., 700 F.3d 509,
517 (Fed. Cir. 2012).
Claim 1 of the ’688 patent, which the parties agree is representative for purposes of claim
construction, describes a secure digital security system comprising, in part, “a file management
module configured to receive a transfer file from a host device over a virtual file interface
configured to assist in transferring data at file transfer speeds between the host device and the
secure digital security system.” ’688 patent, cl.1. Thus, the claim describes an interface that
assists with data being transferred between the host device and the secure digital security system
not at any speed, but specifically “at file transfer speeds.” Omitting this phrase would give the
claim a broader meaning, and accordingly, the “at file transfer speeds” language is a narrowing
limitation. See Bicon, Inc. v. Straumann Co., 441 F.3d 945, 950 (Fed. Cir. 2006) (“[C]laims are
interpreted with an eye toward giving effect to all terms in the claim.”).
11
CUPP first contends that “file transfer speeds” means the speed at which a file is
transferred, and at oral argument, contended that, for a given device, any speed at which a file is
transferred would satisfy the limitation. However, construing “file transfer speeds” simply to
mean the speed at which any given file is transferred would render that language purely
descriptive, as opposed to limiting; in effect, the claim term would amount to nothing more than
an observation that files should be transferred at the speed at which they are transferred. As
interpreted by CUPP, this language is effectively meaningless; indeed, during oral argument,
when pressed by the Court as to what limitation would be removed if the words “at file transfer
speeds” were omitted from the claim under its proposed construction, CUPP had no response.
Having drafted the claim to include this language, CUPP cannot now argue that “at file transfer
speeds” is merely descriptive; to do would render the scope of the patent ambiguous, “leaving
examiners and the public to guess about which claim language the drafter deems necessary to his
claimed invention and which language is merely superfluous, nonlimiting elaboration.” Bicon,
441 F.3d at 950.
CUPP’s alternative proposal—that “file transfer speed” refers to the speed that does not
cause errors or timeouts in the underlying computer system—fares no better. Nothing in the
specification references timeouts or errors, the parties’ experts agree that “file transfer speed” is
not a term of art, and CUPP points to no dictionary or treatise to support its proposal. Instead,
the only evidence in the record supporting this interpretation is deposition testimony from
CUPP’s expert, Dr. Goodrich, which the Court concludes is not specific or certain enough to
suggest a POSITA would reach the same conclusion regarding the meaning of “file transfer
speeds” in the patents. See Pltf. App. 137 (“Q: Okay. So what is the plain and ordinary meaning
12
of file transfer speed. A: . . . I would say, just sitting here today, it’s the speed at which a file
can be transferred without there being an errors or timeouts in the system.” (emphasis added)).
Having concluded that “file transfer speeds” must mean something beyond merely the
speed at which files are transferred, and that CUPP’s alternative proposal lacks support, the
Court looks to the specification. Apart from the claims, the only references to “file transfer
speeds,” “speed,” or “speeds” in the patents is a single passage in the specification, quoted
previously, that distinguishes between “unreasonably slow” transfer speeds in the hundreds of
kilobits per second range, and file transfer speeds of secure digital devices in the tens of
megabytes per second range. See ’688 patent, at 4:2–6. The specification next states that,
“[a]ccordingly, various embodiments . . . capitalize on the rapid file transfer capabilities of
secure digital devices to scan and evaluate network traffic for compliance with security policies.”
Id. at 4:7–10.
Based on this disclosure, a POSITA would understand that speeds of “10’s MB/s” qualify
as a “file transfer speed” as that term is used in the claim. Beyond that, the specification
provides no clear guidance as to its bounds. Speeds of “100’s kb/s” are distinguished from “file
transfer speeds” as being unreasonably slow; Dr. Goodrich, CUPP’s expert, agreed that a
POSITA would realize that “going at that alternative slow speed, that’s not a file transfer speed.”
Pltf. App. 137. However, the distinction between “slow,” “unreasonably slow,” and “file
transfer speeds” is undefined, and made further unclear by the fact that the sole data points
provided in the specification—100 kb/s and 10 MB/s—are described as being merely exemplary.
In sum, the specification does not provide sufficient guidance of the meaning of transferring data
“at file transfer speeds” to give notice to the public of the boundaries between infringing and
innocent activity.
13
Accordingly, the Court concludes that the specifications of the ’688 and ’656 patents do
not inform a POSITA about the scope of “file transfer speeds” with reasonable certainty. Trend
Micro has proven that claims 1 and 6 of the ’688 patent, and claims 1 and 10 of the ’656 patent
are each indefinite under § 112.
B.
“virtual file”
Disputed Term
“virtual file”
• ’688 patent, claims 1, 6
• ’656 patent, claims 1, 10
CUPP’s Proposed
Construction
Plain and ordinary
meaning
Trend Micro’s
Proposed Construction
Indefinite
The dispute regarding the term “virtual file” in the ’688 and ’656 patents is whether,
based on the specification and prosecution history, claims 1 and 6 of the ’688 patent, and claims
1 and 10 of the ’656 patent are indefinite because the term “virtual file” fails to inform a
POSITA about the scope of the claimed invention with reasonable certainty. CUPP argues that
“virtual file” should be construed according to its plain and ordinary meaning, whereas Trend
Micro responds that it is indefinite under § 112.
However, the Court has already concluded that these claims are each indefinite under
§ 112 for including the term “file transfer speeds,” and accordingly, does not reach the parties’
dispute as to whether these claims are indefinite for including the term “virtual file.”
14
C.
“a login module configured to case . . . at least a portion of redirection code
to be generated on the digital device”
Disputed Term
“a login module configured to cause,
after detecting the removable media
device being coupled to the external
device port of the digital device, at least
a portion of redirection code to be
generated on the digital device”
• ’400 patent, claim 9
CUPP’s Proposed
Construction
Plain and ordinary
meaning
Trend Micro’s
Proposed Construction
§ 112 ¶ 6 (pre-AIA)
Function: Configured to
cause, after detecting
the removable media
device being coupled to
the external device port
of the digital device, at
least a portion of the
redirection code to be
generated on the digital
device.
Structure: None
disclosed/indefinite
The parties dispute whether the “a login module . . .” term in claim 9 of the ’400 patent is
a means-plus-function claim element. A means-plus-function claim element triggers 35 U.S.C.
§ 112 ¶ 6 (pre-AIA) / § 112(f) (AIA), 3 which allows an applicant to express a claim limitation
“as a means or step for performing a specified function without the recital of structure, material,
or acts in support thereof,” and provides that “such claim[s] shall be construed to cover the
corresponding structure, material, or acts described in the specification and equivalents thereof.”
35 U.S.C. § 112 ¶ 6; see also Ergo Licensing, LLC v. CareFusion 303, Inc., 673 F.3d 1361, 1363
(Fed. Cir. 2012). In other words, a means-plus-function claim element allows the patentee to use
a generic means to express a claim limitation, but the specification must disclose the
corresponding structure. Ergo Licensing, LLC, 673 F.3d at 1363 (quoting Biomedino, LLC v.
Waters Techs. Corp., 490 F.3d 946, 948 (Fed. Cir. 2007)). Thus, construction of a means-plus-
3
The ’400 patent claims priority to Application No. 12/622,386, which was filed on November 19, 2009.
Accordingly, because the priority date of the ’400 patent predates the March 16, 2013, effective date of the AIA, the
’400 patent is subject to the pre-AIA § 112 ¶ 6.
15
function limitation consists of two steps: (1) identifying the claimed function, and (2)
determining what, if any, structure in the specification corresponds with that function. Cardiac
Pacemakers, Inc. v. St. Jude Med., Inc., 296 F.3d 1106, 1113 (Fed. Cir. 2002). The court must
construe the function to include only those limitations in the claim language. Id. “It is improper
to narrow the scope of the function beyond claim language” or to broaden the scope by
disregarding limitations in the claims themselves. Id. (indicating further that “[o]rdinary
principles of claim construction govern interpretation of the claim language used to describe the
function”).
The Parties’ Positions
CUPP argues that the “a login module . . .” limitation is not a means-plus-function term
because the claim language describes the operation of the login module sufficiently such that the
structure is in the claim itself. In addition, CUPP points to statements made by the examiner
during prosecution indicating that the structure of the login module is software.
Trend Micro argues that the “a login module . . .” term in claim 9 of the ’400 patent
should be construed as a means-plus-function limitation, and that it does not disclose sufficient
structure and is therefore indefinite. Trend Micro points to the claim’s use of the word
“module,” which the Federal Circuit has recognized is a “well-known nonce word that can
operate as a substitute for ‘means,’” and the fact that “login module” has no established meaning
in the industry. See Resp. at 29 (quoting Rain Computing, Inc. v. Samsung Elecs. Am., Inc., 989
F.3d 1002, 1006 (Fed. Cir. 2021)). Trend Micro contends that the “a login module . . .”
limitation discloses two functions—“detecting the removable media device being coupled to the
external device port of the digital device” and, after detection, a “generating” function, namely
causing at “least a portion of redirection code to be generated on the digital device”—and that
16
because neither the claim nor the specification provide the associated structure for performing
those functions, the claim is indefinite.
Analysis
The parties’ first dispute is whether the “a login module . . .” claim term is a means-plusfunction limitation subject to § 112 ¶ 6. The Court concludes that it is not.
The claim does not use the word “means.” The Federal Circuit has held that avoidance of
the word “means” creates a rebuttable presumption that § 112 ¶ 6 does not apply. See Zeroclick,
LLC v. Apple Inc., 891 F.3d 1003, 1007 (Fed. Cir. 2018). To overcome that presumption, Trend
Micro must demonstrate by a preponderance of the evidence that the claim term fails to recite
sufficiently definite structure or recites function without reciting structure for performing that
function. See id.; Williamson v. Citrix Online, LLC, 792 F.3d 1339, 1348 (Fed. Cir. 2015) (en
banc). “[T]he mere fact that the disputed limitations incorporate functional language does not
automatically convert the words into means for performing such functions.” Zeroclick, 891 F.3d
at 1008. Instead, the inquiry “depends on whether persons skilled in the art would understand
the claim language to refer to structure, assessed in light of the presumption that flows from the
drafter’s choice not to employ the word ‘means.’” Samsung Elecs., Am., Inc. v. Prisua Eng’g
Corp., 948 F.3d 1342, 1354 (Fed. Cir. 2020). “That determination must be made under the
traditional claim construction principles, on an element-by-element basis, and in light of
evidence intrinsic and extrinsic to the asserted patents.” Zeroclick, 891 F.3d at 1007.
Here, the limitation at issue does not use the word “means,” but rather “module”; § 112
¶ 6 presumptively does not apply unless Trend Micro establishes that the claim term fails to
17
describe sufficiently definite structure. 4 See id. Claim 9 recites a system comprising an
operating system of a digital device configured to detect a removable media device being
coupled to the digital device, one or more processors, and memory coupled to said processor(s)
storing instructions to instruct the processor(s) to implement “a login module . . . ,” the term at
issue here.
CUPP maintains that the structure of the login module is software, pointing to a statement
by the patent examiner during prosecution, recognizing that “the processor implements the login
module” and “[a]s such the examiner has interpreted the structure [of the] module[] to be
software.” 5 Pltf. App. 190. Similarly, the declaration of Trend Micro’s expert, Dr. Jakobsson,
states that “around 2008, a POSITA might have assumed that a ‘login module’ refers to software
that requires a username and/or password to allow access to a device or software.” Trend Micro
App. (ECF No. 67) at Def. App. 63. Dr. Jakobsson goes on to challenge that assumption in the
context of claim 9 of the ’400 patent, 6 but seemingly concedes that a POSITA would understand
“login module,” as it is used in the context of the claim, to refer to software. CUPP’s expert, Dr.
Goodrich, likewise states in his declaration that a POSITA would understand “module” to refer
4
The Court notes that several of the cases holding that “module” was used a nonce word, and a substitute for
“means,” did so based on the patentee’s express acknowledgment that, as used in the claim, “module” was a nonce
word or had no commonly understood meaning and was not known by a POSITA to connote a particular structure.
See Rain Computing, Inc. v. Samsung Elecs. Am., Inc., 989 F.3d 1002, 1006 (Fed. Cir. 2021); Williamson, 792 F.3d
at 1350–51. CUPP makes no such concession here, and accordingly, the fact that the Federal Circuit has previously
recognized “module” as a nonce word similar to means is not dispositive.
5
The examiner initially rejected the claim under § 112 ¶ 6 “because it uses . . . a generic placeholder ‘module’
coupled with functional language “login . . .” without reciting sufficient structure to achieve the function” and “the
generic placeholder is not preceded by a structural modifier.” Pltf. App. 362. The claim was subsequently amended
to add the limitations “one or more processors” and “memory coupled to the one or more processors, the memory
storing instructions to instruct the processor to implement:” a login module. See U.S. Patent Application Serial No.
14/337,101, Docket No. 18EL-202029, Amendment and Response to Non-Final Office Action, at cl.11 (Dec. 1,
2015).
6
Specifically, Dr. Jakobsson states that the claimed function of the “login module” does not require verification of a
user’s identity or password, and thus “[a]n assumption that the ‘login module’ verifies a username and/or password
therefore would be incorrect.” Def. App. 64. However, Dr. Jakobsson does not contend that a POSITA’s
assumption that the login module refers to software is incorrect.
18
to “a collection of commands or statements in a computer program to be executed by a processor
with . . . predefine[d] routines and instructions.” Pltf. App. 317.
Trend Micro argues that, even if the login module is software, the claim still lacks
sufficient structure because the term is “untethered to any structure in the specification and
followed by purely functional claim language.” Resp. at 33. Admittedly, in claim 9, “a login
module . . .” is followed by language denoting some function; it describes how the module is
configured to cause, “after detecting the removable media device being coupled to the external
device port of the digital device, at least a portion of redirection code to be generated on the
digital device.” ’400 patent, cl.9. However, the inclusion of functional language does not alone
transform the claim into a means-plus-function limitation. See Zeroclick, 891 F.3d at 1008.
Moreover, when construing the limitation in context, the Court disagrees that the language is
untethered to any structure. For instance, Trend Micro argues that the login module performs the
function of “detecting” the coupling of the removable media device to the external device port of
the digital device; however, the claim makes clear that the operating system on the digital device
is capable of performing that exact function. 7 Similarly, the claim specifies the structure and
capabilities of the redirection code generated by the login module, namely that the redirection
code includes an interceptor, a data security policy, and a data security process, and that the
interceptor is configured to intercept function calls to the operating system of the digital device
and perform other function calls in response, in accordance with the specific language of the
7
In addition, unlike other claims in the ’400 patent which specify that the login module is not located on the digital
device, where the operating system is located, there is no such limitation in claim 9. Compare ’400 patent, cl.1 (“the
removable media device having a login module”), id. cl.17 (“the removable media device having a login module”),
with id. cl.9.
19
claim. 8 See ’400 patent, cl.9. Put differently, the claim provides the algorithm—i.e., structure—
of the redirection code. 9
Moreover, the Court concludes that, reading “login module” in the context of the
specification, there is sufficient structure such that the presumption against § 112 ¶ 6 is not
rebutted. For instance, the specification describes various means by which the login module
generates redirection code:
The login module 1920 detects when the removable media device 1904 is coupled
with the digital device 1902 and executes instructions to generate the redirection
module 1910. In some embodiments, the login module 1920 requires that the user
provides a password and/or a user name prior to the generation of the redirection
module 1910. The login module 1920 may then execute a set up program to
generate the redirection module 1910 on the digital device 1902. In one example,
when the removable media device 1904 is coupled to the digital device 1902, the
digital device 1902 may see the removable media device 1904 as a CD. The login
module 1920 may provide an extended login executable file (e.g., EXT-login. Exe
1922) which may be auto-run by the digital device 1902 which generates the
redirection module 1910.
’400 patent, at 22:31–45.
Accordingly, the Court concludes that Trend Micro has not established that claim 9 fails
to describe sufficiently definite structure for the challenged “a login module . . .” limitation, and
therefore § 112 ¶ 6 does not apply. The parties raise no other claim construction dispute related
8
Specifically, claim 9 specifies that the interceptor is configured to “to intercept a first function call to the operating
system of the digital device before the first function call is executed by the operating system, the first function call
including a request of the operating system to retrieve data from or write data to the removable media device, the
first function call being initiated by a particular user or a particular application, the data security process configured
to perform a set of one or more second function calls in response to intercepting the first function call, the set of one
or more second function calls not including the first function call, the data security policy configured to evaluate
data on the removable security device for malware, and the data security policy configured to determine whether to
allow the first function call based at least on results of the data security process.” ’400 patent, cl.9.
9
The Court notes that computer-implemented claims do not necessarily need to provide an algorithm in the claims
to avoid the application of § 112 ¶ 6. See, e.g., Mad Dogg Athletics, Inc. v. Peloton Interactive, Inc., No. 2:20-CV00382-JRG, 2021 WL 3200994, at *15 (E.D. Tex. July 28, 2021) (“[T]he claims themselves do not necessarily need
to provide an algorithm for a computer-directed claim term to avoid the ambit” of § 112 ¶ 6 (citing Apple Inc. v.
Motorola, Inc., 757 F.3d 1286, 1298 (Fed. Cir. 2014)).
20
to this limitation, and accordingly, the Court construes ““a login module . . .” according to its
plain and ordinary meaning.
D.
“integrity level”
Disputed Term
“integrity level”
• ’975 patent, claims 1, 13
• ’834 patent, claims 1, 15
CUPP’s Proposed
Construction
Plain and ordinary
meaning.
Trend Micro’s
Proposed Construction
A value, separate from
the confidentiality level,
that indicates reliability
The Parties’ Position
CUPP argues that “integrity level” should be construed according to its plain and
ordinary meaning, namely a measure of the trustworthiness or reliability of information.
According to CUPP, because the patent recites both an “integrity level” and a “confidentiality
level,” a POSITA would already understand that the two concepts are distinct. CUPP argues that
including the word “separate” in the construction would read out an embodiment of the invention
described in the specification, citing the following passage in which security aspects are
expressed as a related pair:
As noted above, different aspects of security, e.g. confidentiality, integrity and
availability, are independent of each other. Thus, if there are two levels of integrity,
e.g. {low, high} and two levels of confidentiality, e.g. {public, restricted} there
could be four different virtual machines running {low, public}, {low, restricted},
{high, public} and {high, restricted} respectively.
’975 patent, at 12:50–56; see Br. at 22–23.
In addition, based on testimony from its expert, Dr. Goodrich, CUPP contends that Trend
Micro’s proposed construction is incorrect because security aspects, while being distinct, may
still be related. CUPP further contends that Trend Micro’s inclusion of the word “value” in its
proposed construction unnecessarily adds confusion.
21
Trend Micro responds that while the parties agree that “integrity” levels indicate
reliability, the parties disagree as to whether the recited integrity level must be separate from the
confidentiality level recited in the claims. Trend Micro points to the ’975 patent’s description of
the confidentiality, integrity, and availability security aspects, and in particular the observation
that “[i]t should also be understood that all aspects of security herein are independent of each
other.” ’975 patent, 1:67–2:4. Trend Micro also points to a disclaimer in the specification of
prior art security models that combined integrity and confidentiality, noting that such an
approach is “a confusion of terms” and, in contrast, “[i]n this disclosure, integrity and
confidentiality are regarded as completely independent of each other.” Id. at 2:49–55.
Accordingly, because the claims and specification consistently treat the integrity level and
confidentiality level separately, Trend Micro contends that the Court should construe the
integrity level to be separate—i.e., a separate and distinct value—from the confidentiality level.
Analysis
The issue in dispute is whether the “confidentiality level” and “integrity level” are
separate. The Court concludes that they are.
The specification makes abundantly clear that integrity and confidentiality describe
different concepts and are “completely independent” of each other; the specification describes
how “information may be more or less reliable regardless of its level of confidentiality, and that
a computer process may be assigned clearance along a confidentiality axis regardless of its
assigned clearance along an integrity axis.” Id. at 2:52–60. In addition, the integrity and
confidentiality levels are treated as separate and independent by the claims. For example, claim
1 of the ’975 patent describes an engine for generating virtual machines, each with a virtual
machine confidentiality level and integrity level, the confidentiality level “being selected from at
22
least a higher confidentiality level and a lower confidentiality level,” and the integrity level
“being selected from at least a higher integrity level and a lower integrity level.” Id. at cl.1.
It is clear from these disclosures that the confidentiality and integrity levels are assigned
separately and independently—i.e., selection of a particular confidentiality level has no effect on
the selection of the integrity level. Moreover, there is no support in either the specification or the
claims to suggest that the confidentiality and integrity levels are not represented separately
within the system. Instead, the security aspects are referred to as separate values; for example,
the specification describes an embodiment with two levels of integrity (“{low, high}”) and two
levels of confidentiality (“{public, restricted}”), which results in four potential combinations,
{low, public}, {low, restricted}, {high, public}, {high, restricted}. Id. at 12:50–56. CUPP
points to nothing to suggest that a single level—for example, {low}—could represent both the
confidentiality level and the integrity level, while maintaining the requisite independence
articulated by the patent. In addition, CUPP’s concern that the fact that confidentiality and
integrity can be described as paired variables means they are not separate from each other is
unsupported; on the contrary, the specification makes clear that these different security aspects
can be presented as pairs but remain independent. See id.
In sum, the Court agrees with Trend Micro that based on the claims and the specification
of the ’975 and’834 patents, the “integrity level” is separate from the confidentiality level and
indicates reliability. However, the Court declines to introduce unnecessary ambiguity by using
the word “value” in its construction, and accordingly construes “integrity level” to mean “a
security aspect, separate from the confidentiality level, that indicates reliability.”
23
V.
CONCLUSION
The Court adopts the constructions set forth above, as summarized in the following table.
The Court further finds that claims 1 and 6 of the ’688 patent, and claims 1 and 10 of the ’656
patent are each indefinite under § 112 because of the inclusion of the term “file transfer speeds.”
The parties are ORDERED not to refer, directly or indirectly, to each other’s claim
construction positions in the presence of the jury. Likewise, the parties are ORDERED to
refrain from mentioning any portion of this opinion, other than the actual definitions adopted by
the Court, in the presence of the jury. Any reference to claim construction proceedings is limited
to informing the jury of the definitions adopted by the Court.
Term
“power management mode”
• ’632 patent, claims 1, 16
“a login module configured to cause, after
detecting the removable media device being
coupled to the external device port of the
digital device, at least a portion of redirection
code to be generated on the digital device”
• ’400 patent, claim 9
“integrity level”
• ’975 patent, claims 1, 13
• ’834 patent, claims 1, 15
Construction
A mode where the mobile device conserves
power
Plain and ordinary meaning
A security aspect, separate from the
confidentiality level, that indicates reliability
SO ORDERED.
December 10, 2021.
BARBARA M. G. LYNN
CHIEF JUDGE
24
]]>
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?
