U.S. Patent to Database for Protecting Formula for Coca-Cola Found Invalid under CBM Review

On March 2, 2016, the USPTO Patent Trial and Appeal Board (PTAB) issued a final written decision in the Covered Business Method (CBM) patent review between Square, Inc. and Protegrity Corp., in which challenged claims were found to be unpatentable under 35 U.S.C. § 101 as being directed to non-statutory subject matter, and proposed substitute claims were denied.  The PTAB's institution of the CBM is questionable, however, since the claims do not recite anything even remotely close to some kind of financial product or service.

Square, Inc. filed a petition requesting a review under the transitional program for CBM patents of claims 1–60 of U.S. Patent No. 8,402,281, and challenged the claims under 35 U.S.C. §§ 101, 102, and 103.  The '281 patent, titled "Data Security System for a Database," issued on March 19, 2013 and has a priority date of June 18, 1997.  The '281 patent discloses a database management system for protecting data that includes multiple databases, including an operative database ("O-DB") and an information assets manager database ("IAM-DB").  The O-DB contains data that is to be protected.  The IAM-DB contains a data element protection catalogue with protection attributes for such data element types as are associated with data element values in records in the operative database O-DB and is preferably physically separated from the other O-DB.  The protection attributes state rules for processing the corresponding data element values DV.  For example, a protection attribute indicates the degree to which data element value DV is encrypted or indicates that only accepted, or certified, programs are allowed to process data element value DV.  When a user initiates an attempt to process certain data element value DV, a calling is created to data protection catalogue DPC to obtain the protection attributes associated with the data element type for data element value DV.

Claim 33 of the '281 patent is illustrative of the claims at issue and is reproduced below.

33.  A computer-implemented data processing method comprising:
    maintaining a database comprising a plurality of data portions, each data portion associated with a data category;
    maintaining a separate data protection table comprising, for at least one data category, one or more data processing rules associated with the data category that must each be satisfied before a data portion associated with the data category can be accessed;
    receiving a request to access a data portion associated with a first data category from a user;
    determining whether each of the one or more data processing rules associated with the requested data portion are satisfied; and
    granting the user access to the requested data portion responsive to each of the retrieved one or more data processing rules being satisfied.

Standing to Seek CBM Patent Review

A CBM patent claims a method or corresponding apparatus for performing data processing or other operations used in the practice, administration, or management of a financial product or service, except that the term does not include patents for technological inventions.

i.  Financial Product?

Protegrity contended that the '281 patent does not claim a financial service or product because not a single word in any single claim of the '281 Patent is purportedly directed to a financial product or service.

The PTAB does not require a literal recitation of terms of data processing of financial products or services in the claim for CBM standing.  The legislative history states that "the patent claims must only be broad enough to cover a financial product or service."  In this regard, claim 33 recites a "computer-implemented data processing method" and includes a step of "determining whether each of the one or more data processing rules associated with [a] requested data portion are satisfied."  The PTAB noted that the '281 patent discloses that protection attributes (i.e., the claimed data processing rules) are used to protect against unauthorized access of a data portion in a database and that banking is a field where protection against unauthorized access to databases that are used for administering and storing sensitive information is desired.

The PTAB also noted that although not sufficient on its own, the '281 patent is classified in 705/51 of the Office's patent classification system, which served as the original template for the definition of a CBM.  Further, the PTAB noted that whether an allegedly infringing product was a financial service was another factor to consider.

The PTAB found that this totality of evidence showed that at least claim 33 encompasses activities that are financial in nature, incidental to a financial activity, or complementary to a financial activity.

ii.  Technological Invention?

The definition of CBM patents does not include patents for "technological inventions."  To determine whether a patent is for a technological invention, the PTAB considers whether the claimed subject matter as a whole recites a technological feature that is novel and unobvious over the prior art; and solves a technical problem using a technical solution.

Data processing computers that have separate databases, which store associated data and associated rules, were known at the time of filing the '281 patent.  The claims do no recite details of managing a collection of data and for making a calling to the data protection table.  Thus, at least claim 33 does not recite a technological feature that is novel or unobvious over the prior art and does not satisfy the first prong of the test.  The '281 patent, thus, is a CBM patent that is not a technological invention.

35 U.S.C. § 101

With respect to the challenge of the claims under 35 U.S.C. § 101, the PTAB first found that the claims are directed to the abstract idea of determining whether access to data should be granted based on whether one or more rules are satisfied.  Second, merely reciting a generic computer in the claims cannot transform a patent-ineligible abstract idea into a patent-eligible invention.

Protegrity submitted declarations allegedly show that the invention of the '281 patent was used to protect the formula for Coca-Cola from unauthorized access by database administrators or system administrators.  The PTAB, however, found that the declarations failed to establish a nexus between the system provided to Coca-Cola and the claims of the '281 patent.  Thus, the PTAB was not persuaded by the declarations, and found that the '281 patent does not provide a novel and nonobvious solution to a problem deeply rooted in computer technology.

The PTAB analyzed all claims and noted that all features in the claims were well-known and conventional at the time of filing the '281 patent.  According to the PTAB, such well-known features included:

• Data processing computers having separate databases, which store associated data and associated attributes,

• Restricting access to data based upon a user, a program or version of a program, whether activity logging is occurring, or to columns or fields of databases,

• Different levels of encryption and storing and transmitting encrypted data,

• Encrypting data using a cryptographic key and providing the key to authorized users.

Thus, all claims were found patent ineligible under section 101 as being directed to an abstract idea without any inventive features.

Motion to Amend

Protegrity filed a Motion to Amend that requested cancellation of claims 1–32 (which was granted) and to substitute new claims 61–68 for some of the challenged claims, but this aspect was denied by the PTAB.

In a CBM patent review, an amendment may not broaden a challenged claim in any respect when responding to a challenge of unpatentability.  An amendment also may not introduce new matter.

Notably, proposed substitute claim 61 was amended to add a limitation that requires "automatically calling from the database to the separate data protection table to collect each of the plurality of data processing."  Proposed substitute claim 61 was also amended to delete the limitation that requires "determining whether each of the one or more plurality of data processing rules associated with the request data portion are satisfied."

First, deleting this feature from the claim necessarily broadened the scope of the claim in some respect, and so the amendment is denied entry for this reason.

Second, the '281 patent and its original disclosure do not "clearly" define or describe a calling from the database to the separate date protection table.  Although the '281 patent describes a calling to collect the data protection attributes, it does not describe that the calling is from the database.  Protegrity, thus, failed to show that the proposed substitute claims are adequately supported by the written description.

Thus, the PTAB denied entry of the substitute claims, and determined that remaining claims 33–60 are unpatentable under 35 U.S.C. § 101 as being directed to non-statutory subject matter.

An interesting aspect in this CBM is whether it should have been instituted in the first place.  The patent claims recite nothing that can be considered as a "financial product or service", but the fact that the claims may cover some financial product or service is enough, according to the PTAB.  If the patent description describes any kind of financial product or service, then the claims will be considered to possibly cover one.  Further, if the alleged infringing product is a financial product, then of course, the claims will be considered to cover a financial product.

The problem in this instance is that if this CBM was not instituted, then the challenger could only have sought review by the PTAB through reexamination or inter partes review, both of which prohibit challenges under 35 U.S.C. § 101.  Then, the challenger/defendant would have had to assert invalidity under 35 U.S.C. § 101 in court, which follows a more strict standard for claim interpretation.  This may not really have changed the outcome here though, since the claims at issue are quite broad and lacking in novelty and technical features.

Square, Inc. v. Protegrity Corporation (PTAB 2016)
Before Kevin F. Turner, Meredith C. Petravick, and Gregg I. Anderson, Administrative Patent Judges.
Final Written Decision by Meredith C. Petravick