SRI International, Inc. v. Cisco Systems, Inc. (Fed. Cir. 2019)

McDonnell Boehnen Hulbert & Berghoff LLP

Claims for Monitoring and Analyzing Suspicious Network Activity Found Patent Eligible

In a precedential decision issued last week, the Federal Circuit affirmed the U.S. District Court for the District of Delaware's ruling that Plaintiff SRI International, Inc.'s ("SRI") claims related to network security are patent eligible.

Years ago, SRI sued Defendant Cisco Systems, Inc. ("Cisco") for infringement of U.S. Patent Nos. 6,711,615 (the '615 patent) and 6,484,203 (the '203 patent), after which Cisco unsuccessfully moved for summary judgment on various issues, including patent-ineligibility of the claims and whether one of SRI's papers on its own network security tool anticipates the claims.  Cisco then appealed the final judgment of the District Court with respect to these two issues, as well as issues relating to the District Court's construction of the claim term "network traffic data," denial of JMOL of no willful infringement, and grant of enhanced damages, attorneys' fees, and ongoing royalties.  This post addresses only the issue of patent eligibility, including a notable dissenting opinion by Judge Alan David Lourie.

The Majority Opinion

The majority opinion focuses on claim 1 of the '615 patent, which the Court adopted as representative.  The Court stated that claim 1 of the '615 patent and claim 1 of the '203 patent are "substantially similar" with differences that are not material to any issue on appeal.  The claimed invention is generally related to network surveillance for the purposes of security in an enterprise network.  For example, this can be accomplished by monitoring network packets for data transfers, errors, or network connections, building statistical profiles based on packet measurements, using the profiles to determine whether there is suspicious activity, and notifying various hierarchically-related network monitors of the suspicious activity.

1.  A computer-automated method of hierarchical event monitoring and analysis within an enterprise network comprising:
    deploying a plurality of network monitors in the enterprise network;
    detecting, by the network monitors, suspicious network activity based on analysis of network traffic data selected from one or more of the following categories: {network packet data transfer commands, network packet data transfer errors, network packet data volume, network connection requests, network connection denials, error codes included in a network packet, network connection acknowledgements, and network packets indicative of well-known network-service protocols};
    generating, by the monitors, reports of said suspicious activity; and
    automatically receiving and integrating the reports of suspicious activity, by one or more hierarchical monitors.

In Alice Corp. v. CLS Bank Int'l, the Supreme Court set forth a two-step framework for determining whether claims are directed to patent-eligible subject matter under § 101.  First, it must be decided whether a claim is directed to a judicially-excluded law of nature, a natural phenomenon, or an abstract idea.  If so, then it must be decided whether any element or combination of elements in the claim is sufficient to transform the nature of the claim into a patent-eligible application.  To transform an abstract idea into a patent-eligible application, the claims must do more than simply state an abstract idea and broadly recite applying the abstract idea.

In addressing the issue of patent eligibility, Cisco asserted that the claims are simply directed to a known business process of analyzing data from multiple sources to detect suspicious activity.  But the District Court held that the claims are "more complex" than that.  The District Court concluded that the claims recite a specific process rooted in computer technology -- namely, using network monitors that each monitor and analyze specific types of network data, and integrating reports produced by those monitors -- in order to solve a specific problem arising in the realm of network computing -- namely, detecting hackers or other unwanted activity in a network.  The Federal Circuit agreed.  Citing Enfish, the Court affirmed that the "'focus of the claims is on the specific asserted improvement in computer capabilities'—that is, providing a network defense system that monitors network traffic in real-time to automatically detect large-scale attacks."  For at least this reason, the Court agreed with the District Court's conclusion that the claims are not directed to an abstract idea and are thus patent eligible.

The Court also pointed to the specification in support of its conclusion.  For example, the specification explains that, in conventional networks, "seemingly localized triggering events can have globally disastrous effects on widely distributed systems," and purports to solve those issues by providing "a framework for the recognition of more global threats to interdomain connectivity, including coordinated attempts to infiltrate or destroy connectivity across an entire network enterprise."

Cisco provided three main arguments for why the claims are an abstract idea, but the Court refuted each of them.  First, Cisco argued that the claims are analogous to those in Electric Power Group in that they are allegedly directed to generic steps for collecting and analyzing data.  But the Court distinguished these claims from those in Electric Power Group, instead analogizing them to those in DDR Holdings.  In particular, the Court noted that, while the Electric Power Group claims "were drawn to using computers as tools to solve a power grid problem," the claims here, like those in DDR Holdings, "prevent the normal, expected operation of a conventional computer network" -- namely, by detecting and reporting on suspicious network activity, as well as by receiving and integrating the reports using one or more hierarchical network monitors.

Cisco also argued that the claims do not improve computer functionality, per Enfish.  The Court noted how, in Alice, the Supreme Court advised that, even if a claim directed to an abstract idea uses a computer as a tool, the claim still does not pass step one muster.  Using the Supreme Court's notion as a counter to Cisco's argument, the Court stated that the claims are not automating a conventional idea on a computer, but rather recite a specific process that improves the functioning of computer networks in the realm of network security.

Lastly, Cisco cited a variety of Federal Circuit decisions, such as Intellectual Ventures I LLC v. Symantec Corp. and CyberSource Corp. v. Retail Decisions, Inc., in asserting that the claims are so general that they involve steps that could be performed in one's mind.  But the Court disagreed yet again, noting:

This is not the type of human activity that § 101 is meant to exclude.  Indeed, we tend to agree with SRI that the human mind is not equipped to detect suspicious activity by using network monitors and analyzing network packets as recited by the claims.

As such, the Court concluded that the claims are not directed to an abstract idea and are thus patent eligible.  It did not conduct an analysis under step two of the Alice framework.

Judge Lourie's Dissent

Judge Lourie wrote a dissent that relied entirely on Electric Power Group.  Practitioners on the tech side of the fence are all too familiar with what might be perceived as an over-reliance on Electric Power Group for § 101 and might view Judge Lourie's dissent with the same skepticism as they've viewed many patent-eligibility issues.

He first noted that the claim at issue in Electric Power Group recited "[a] method of detecting events on an interconnected electric power grid in real time over a wide area and automatically analyzing the events on the interconnected electric power grid," with the method comprising eight steps, including "receiving data," "detecting and analyzing events in real time," "displaying the event analysis results and diagnoses of events," "accumulating and updating measurements," and "deriving a composite indicator of reliability."  He emphasized that, despite having eight steps, the Court held that the Electric Power Group claim was an abstract idea without significantly more.  The claim involved selecting information for collection, analysis, and display, was only broadly rooted in computer technology, and, although limited to the context of power-grid monitoring, was still deemed to be patent ineligible.

Judge Lourie stated that these claims are "hardly distinguishable" from those in Electric Power Group, do not provide enough specifics as to how their steps are performed, show no improvement to computer technology, and are thus directed to the abstract idea of monitoring network security.  In particular, he opined that:

The claims here recite nothing more than deploying network monitors, detecting suspicious network activity, and generating and handling reports.  The detecting of the suspicious activity is based on "analysis" of traffic data, but the claims add nothing concerning specific means for doing so.  The claims only recite the moving of information.  The computer is used as a tool, and no improvement in computer technology is shown or claimed.  There is no specific technique described for improving computer network security.

Proceeding to step two, Judge Lourie asserted that, although the claims recite different types of information and information sources, the selection of information does not provide any inventive concept, and the specification indicates that the claims only rely on generic, "customary" computer components.

Judge Lourie was also not a fan of the majority's partial reliance on the '615 patent's specification:

[T]he majority opinion quotes from and paraphrases language from the specification that only recites results, not means for accomplishing them.  The claims as written, however, do not recite a specific way of enabling a computer to monitor network activity.  As we noted in Electric Power Group, result-focused, functional claims that effectively cover any solution to an identified problem, like those at issue here, frequently run afoul of Alice.  (citation omitted)

For these reasons, Judge Lourie strongly opposed the majority's ruling and would have found the claims to be patent ineligible.

SRI International, Inc. v. Cisco Systems, Inc. (Fed. Cir. 2019)
Panel:  Circuit Judges Lourie, O'Malley, and Stoll
Opinion by Circuit Judge Stoll; dissenting opinion by Circuit Judge Lourie

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
