ANCORA TECHNOLOGIES, INC., v. HTC AMERICA, INC., HTC CORPORATION, FEDERAL CIRCUIT 2018 (SOFTWARE PATENTS))

Ancora Technologies, Inc.’s U.S. Patent 6,411,941 is entitled “Method of Restricting Software Operation Within a License Limitation.”  The patent describes and claims methods of limiting a computer’s running of software not authorized for that computer to run.

Ancora brought this action against HTC America and HTC Corporation alleging infringement of the patent.  HTC moved to dismiss on the ground that the patent’s claims are invalid because their subject matter is ineligible for patenting under 35 U.S.C § 101.  The district court granted HTC’s motion to dismiss, concluding that the claims are directed to, and ultimately claim no more than, an abstract idea.

Claim 1 is representative and recites:

1.  A method of restricting software operation within a license for use with a computer including
an erasable, non-volatile memory area of a BIOS of the computer, and a volatile memory area; the method comprising the steps of:
     selecting a program residing in the volatile memory,
     using an agent to set up a verification structure in the erasable, non-volatile memory of the BIOS, the verification structure accommodating data that includes at least one license record,
     verifying the program using at least the verification structure from the erasable non-volatile memory of the BIOS, and
     acting on the program according to the verification.
The Federal Circuit cited some cases in which software was found to be patentable.  They noted that in Enfish, they held that the patent claims were not directed to an abstract idea because the claimed self-referential tables improved the way that computers operated and handled data. The claimed self-referential tables allowed the more efficient launching and adaptation of databases.
In Visual Memory LLC v. NVIDIA Corp., the Federal Circuit drew a similar conclusion about claims focused on a specific improvement in computer memory.  The district court had determined that the claims were directed to the abstract concept of categorical data storage.  The Federal Circuit determined that the district court had erred because the patent was specifically “directed to an improved computer memory system, not to the abstract idea of categorical data storage,” and therefore was not directed to an abstract idea.  The claims were specific and limited to certain types of data to be stored.
In Finjan, the Federal Circuit held that claims to a “behavior-based virus scan” were a specific improvement in computer functionality and hence not directed to an abstract idea.  The claimed technique of scanning enabled “more flexible and nuanced virus filtering” and detection of potentially dangerous code.  The claims thus were directed to “a non-abstract improvement in computer functionality” having the benefit of achieving greater computer security.
In Core Wireless Licensing S.A.R.L. v. LG Electronics, Inc., the Federal Circuit held that claims to a method for making websites easier to navigate on a small-screen device were not directed to an abstract idea.
In Data Engine Technologies LLC v. Google LLC, the Federal Circuit held that claims to “a specific method for navigating through three-dimensional electronic spreadsheets” were “not directed to an abstract idea.”  The method provided “a specific solution to then-existing technological problems in computers and prior art electronic spreadsheets.”  The navigation difficulties of prior-art spreadsheets were addressed “in a particular way—by providing a highly intuitive, user-friendly interface with familiar notebook tabs for navigating the three dimensional worksheet environment.”  The Federal Circuit distinguished other cases in which we had held claims to be “simply directed to displaying a graphical user interface or collecting, manipulating, or organizing information”; the claims in Data Engine, they concluded, recite “a specific structure (i.e., notebook tabs) within a particular spread-sheet display that performs a specific function (i.e., navigating within a three-dimensional spreadsheet).”
In accordance with those precedents, the Federal Circuit concluded that claim 1 of the patent is not directed to an abstract idea.  Improving security—here, against a computer’s unauthorized use of a program—can be a non-abstract computer-functionality improvement if done by a specific technique that departs from earlier approaches to solve a specific computer problem, as was the case in Finjan.
The claimed method here specifically identifies how that functionality improvement is effectuated in an assertedly unexpected way: a structure containing a license record is stored in a particular, modifiable, non-volatile portion of the computer’s BIOS, and the structure in that memory location is used for verification by interacting with the distinct computer memory that contains the program to be verified. In this way, the claim addresses a technological problem with computers: vulnerability of license-authorization software to hacking.   In short, claim 1 of the ’941 patent is directed to a solution to a computer- functionality problem: an improvement in computer functionality that has “the specificity required to transform a claim from one claiming only a result to one claiming a way of achieving it.”  It therefore passes muster under Alice step one , as it is not directed to patent-ineligible subject matter.

Finjan Inc., v. Blue Coat Systems, Inc., Federal Circuit 2018 (Software Patents)

Finjan brought suit against Blue Coat for infringement of software patents directed to identifying and protecting against malware.  One of the software patents is directed to a method of providing computer security by scanning a downloadable and attaching the results of that scan to the downloadable itself in the form of a “security profile.”

Claim 1 of the patent reads:

1. A method comprising:

  • receiving by an inspector a Downloadable;
  • generating by the inspector a first Downloadable security profile that identifies suspicious code in the received Downloadable; and
  • linking by the inspector the first Downloadable security profile to the Downloadable before a web server makes the Downloadable available to web clients.

The parties agreed that “Downloadable” should be construed to mean “an executable application program, which is downloaded from a source computer and run on the destination computer.” Additionally, the district court construed “Downloadable security profile that identifies suspicious code in the received Downloadable” to mean “a profile that identifies code in the received Downloadable that performs hostile or potentially hostile operations.”

The Federal Circuit noted that they had previously determined in Intellectual Ventures I LLC v. Symantec Corp. that, by itself, virus screening is well-known and constitutes an abstract idea. They also found that performing the virus scan on an intermediary computer—so as to ensure that files are scanned before they can reach a user’s computer— is a “perfectly conventional” approach and is also abstract.   However, they felt that, here, the claimed method does a
good deal more.

The method of claim 1 scans a downloadable and attaches the virus scan results to the downloadable in the form of a newly generated file:  a “security profile that identifies suspicious code in the received Downloadable.”

The district court’s claim construction decision emphasized that this “identify suspicious code” limitation can only be satisfied if the security profile includes “details about the suspicious code in the received downloadable, such as . . . ‘all potentially hostile or suspicious code operations that may be attempted by the Downloadable.’”  The security profile must include the information about potentially hostile operations produced by a “behavior-based” virus scan. This operation is distinguished from traditional, “code-matching” virus scans that are limited to recognizing the presence of previously-identified viruses, typically by comparing the code in a downloadable to a database of known suspicious code. The question, then, is whether this behavior-based virus scan constitutes an improvement in computer functionality. The Federal Circuit believes that it does.

The “behavior-based” approach to virus scanning was pioneered by Finjan and is disclosed in the software patent’s specification.  Traditional “code-matching” systems simply look for the presence of known viruses.

“Behavior-based” scans can analyze a downloadable’s code and determine whether it performs potentially dangerous or unwanted operations—such as renaming or deleting files. Because security profiles communicate the granular information about potentially suspicious code made available by behavior-based scans, they can be used to protect against previously unknown viruses as well as “obfuscated code”—known viruses that have been cosmetically modified to avoid detection by code-matching virus scans.

The security profile approach also enables more flexible and nuanced virus filtering. After an inspector generates a security profile for a downloadable, a user’s computer can determine whether to access that downloadable by reviewing its security profile according to the rules in whatever “security policy” is associated with the user. Administrators can easily tailor access by applying different security policies to different users or types of users. And having the security profile include information about particular potential threats enables administrators to craft security policies with highly granular rules and to alter those security policies in response to evolving threats.

The Federal Circuit’s cases confirm that software inventions can make “non-abstract improvements to computer technology” and be deemed patent-eligible subject matter at step 1 of the Alice software patent inquiry. In Enfish, for example, the Federal Circuit determined that claims related to a database architecture that used a new, self-referential logical table were non-abstract because they focused on “an improvement to computer functionality itself, not on economic or other tasks for which a computer is used in its ordinary capacity.”

The self referential database found patent eligible in Enfish did more than allow computers to perform familiar tasks with greater speed and efficiency; it actually permitted users to
launch and construct databases in a new way. While deployment of a traditional relational database involved extensive modeling and configuration of the various database, Enfish’s self-referential database could be launched with no or only minimal column definitions and configured and adapted “on-the-fly.”

Similarly, according to the Federal Circuit, the software patent method of claim 1 employs a new kind of file that enables a computer security system to do things it could not do before. The security profile approach allows access to be tailored for different users and ensures that threats are identified before a file reaches a user’s computer. The fact that the security profile identifies suspicious code allows the system to accumulate and utilize newly available, behavior-based information about potential threats. According to the Federal Circuit, the asserted claims are therefore directed to a non-abstract improvement in computer functionality, rather than the abstract idea of computer security at large.

Patent eligibility determinations seem to vary greatly based on the judges on the Federal Circuit panel hearing the case.  In this case, the novelty of the method seemed to influence the patent-eligibility determination.  If novelty is a main consideration, why even bother with the Alice 35 U.S.C. 101 analysis when reviewing software patents?  While the claim was short, many claim terms were construed as requiring very specific steps.  That may have helped with the patent-eligibility determination.