Summary
holding that claim to a specific technique for improving computer security against unauthorized use of a program was not directed to an abstract idea
Summary of this case from Athena Diagnostics, Inc. v. Mayo Collaborative Servs., LLCOpinion
2018-1404
11-16-2018
ANCORA TECHNOLOGIES, INC., Plaintiff-Appellant v. HTC AMERICA, INC., HTC Corporation, Defendants-Appellees
Marc Lorelli, Brooks Kushman PC, Southfield, MI, argued for plaintiff-appellant. Also represented by Mark A. Cantor, John S. Le Roy, John P. Rondini. Irfan A. Lateef, Knobbe, Martens, Olson & Bear, LLP, Irvine, CA, argued for defendants-appellees. Also represented by Brian Christopher Claassen, Daniel C. Kiang, Joseph R. Re.
Marc Lorelli, Brooks Kushman PC, Southfield, MI, argued for plaintiff-appellant. Also represented by Mark A. Cantor, John S. Le Roy, John P. Rondini.
Irfan A. Lateef, Knobbe, Martens, Olson & Bear, LLP, Irvine, CA, argued for defendants-appellees. Also represented by Brian Christopher Claassen, Daniel C. Kiang, Joseph R. Re.
Before Dyk, Wallach, and Taranto, Circuit Judges.
Taranto, Circuit Judge
Ancora Technologies, Inc.’s U.S. Patent 6,411,941 is entitled "Method of Restricting Software Operation Within a License Limitation." The patent describes and claims methods of limiting a computer’s running of software not authorized for that computer to run. It issued in 2002, and the patentability of all claims was confirmed in a reexamination in 2010. The ’941 patent was previously before this court in Ancora Technologies, Inc. v. Apple, Inc. , 744 F.3d 732 (Fed. Cir. 2014), which involved a 2011 infringement suit against Apple that raised issues of claim construction and indefiniteness in this court.
Ancora brought this action against HTC America and HTC Corporation in 2016, alleging infringement of the ’941 patent. HTC moved to dismiss on the ground that the patent’s claims are invalid because their subject matter is ineligible for patenting under 35 U.S.C § 101. The district court granted HTC’s motion to dismiss, concluding that the claims are directed to, and ultimately claim no more than, an abstract idea.
We reverse. Under Enfish, LLC v. Microsoft Corp ., 822 F.3d 1327 (Fed. Cir. 2016), and related authorities, we conclude, the claims at issue here are not directed to ineligible subject matter. Rather, we hold, the claimed advance is a concrete assignment of specified functions among a computer’s components to improve computer security, and this claimed improvement in computer functionality is eligible for patenting. As a result, the claims are not invalid under § 101.
I
A
Describing aspects of the prior-art methods it seeks to improve, the ’941 patent states that "[n]umerous methods have been devised for the identifying and restricting of an unauthorized software program’s operation." ’941 patent, col. 1, lines 12–14. For example, software-based methods exist that require writing a license signature on the computer’s hard drive, but a flaw in those methods is that such a signature can be changed by hackers without damaging other aspects of computer functionality. Id ., col. 1, lines 19–26. Hardware-based methods exist that require inserting a dongle into a computer port to authenticate the software authorization, but those methods are costly, inconvenient, and not suitable for software sold and downloaded over the internet. Id. , col. 1, lines 27–32.
The ’941 patent describes an asserted improvement based on assigning certain functions to particular computer components and having them interact in specified ways. The proposed method "relies on the use of a key and of a record." Id. , col. 1, lines 40–41. A "key," which is "a unique identification code" for the computer , is embedded in the read-only memory (ROM) of the computer’s Basic Input Output System (BIOS) module: the key "cannot be removed or modified." Id. , col. 1, lines 45–51. A "record" is a "license record" associated with a particular application : "each application program that is to be licensed to run on the specified computer[ ] is associated with a license record[ ] that consists of author name, program name[,] and number of licensed users (for network)." Id. , col. 1, lines 52–57.
The asserted innovation of the patent relates to where the license record is stored in the computer and the interaction of that memory with other memory to check for permission to run a program that is introduced into the computer. The inventive method uses a modifiable part of the BIOS memory—not other computer memory—to store the information that can be used, when a program is introduced into the computer, to determine whether the program is licensed to run on that computer. BIOS memory is typically used for storing programs that assist in the start-up of a computer, not verification structures comparable to the software-licensing structure embodied by the claimed invention. Using BIOS memory, rather than other memory in the computer, improves computer security, the patent indicates, because successfully hacking BIOS memory (i.e. , altering it without rendering the computer inoperable) is much harder than hacking the memory used by the prior art to store license-verification information. Id. , col. 3, lines 4–17; see Ancora , 744 F.3d at 733–34 ("Thus, the inventors stated that their method makes use of the existing computer hardware (eliminating the expense and inconvenience of using additional hardware), while storing the verification information in a space that is harder and riskier for a hacker to tamper with than storage areas used by earlier methods.").
More specifically: The method calls for storage of a license record in a "verification structure" created in a portion of BIOS memory that, unlike the ROM of the BIOS, "may be erased or modified"—for example, an Electrically Erasable Programmable Read Only Memory (E PROM), which may be altered by "using E
PROM manipulation commands." Id. , col. 1, line 65 through col. 2, line 5. The role of the verification structure is to "indicate that the specified program is licensed to run on the specified computer." Id. , col. 1, lines 60–62. "This is implemented by encrypting the license record (or portion thereof) using [the computer-specific] key (or portion thereof) ... as an encryption key." Id. at lines 59–67. When a program has been loaded into the computer’s volatile memory (e.g. , Random Access Memory), the computer, in order to verify authorization to run that program, "accesses the program under question, retrieves therefrom the license record, encrypts the record utilizing the specified unique key ... and compares the so encrypted record" to the one stored in the verification structure in the (erasable, modifiable) BIOS. Id. , col. 2, lines 10–19. If the newly encrypted record does not match the one in the BIOS, the program is halted or other action is taken. Id. at lines 19–26.
In the district court, the parties focused their arguments on claim 1 of the ’941 patent. We therefore discuss only that claim. It reads as follows:
1. A method of restricting software operation within a license for use with a computer including an erasable, non-volatile memory area of a BIOS of the computer, and a volatile memory area; the method comprising the steps of:
selecting a program residing in the volatile memory,
using an agent to set up a verification structure in the erasable, non-volatile memory of the BIOS, the verification structure accommodating data that includes at least one license record,
verifying the program using at least the verification structure from the erasable non-volatile memory of the BIOS, and
acting on the program according to the verification.
Id. , col. 6, line 59 through col. 7, line 4.
B
On December 15, 2016, Ancora filed this action in the Western District of Washington, alleging that HTC has infringed and is infringing the ’941 patent. In April 2017, HTC moved to dismiss under Rule 12(b)(6) of the Federal Rules of Civil Procedure. HTC argued that the subject matter of the claims of the patent is ineligible for patenting under 35 U.S.C. § 101.
In May 2017, HTC filed with the Patent Trial and Appeal Board a petition to institute a review of the ’941 patent, on § 101 and other grounds, under the provision for review of Covered Business Method patents set forth in Section 18 of the Leahy-Smith America Invents Act, Pub. L. No. 112-29, 125 Stat. 284, 329–31 (2011). Section 18(d)(1) excludes patents "for technological inventions" from such review. An implementing regulation calls for consideration of "whether the claimed subject matter as a whole recites a technological feature that is novel and unobvious over the prior art; and solves a technical problem using a technical solution." 37 C.F.R. § 42.301(b). On December 1, 2017, the Board rejected the request to institute a review, concluding that the ’941 patent claims a technical solution to a technical problem and comes within the "technological inventions" exception for such reviews. HTC Corp. v. Ancora Techs. Inc. , CBM2017-00054, 2017 WL 6032605, at *3–5 (P.T.A.B. Dec. 1, 2017).
On December 14, 2017, the district court granted HTC’s motion to dismiss. Ancora Techs., Inc. v. HTC America, Inc. , 287 F.Supp.3d 1168, 1170 (W.D. Wash. 2017). The court followed the two-step analytic process set forth in Alice Corp. v. CLS Bank International , 573 U.S. 208, 134 S.Ct. 2347, 189 L.Ed.2d 296 (2014). At the first step, because "the claims at issue are directed toward computer-related technology," the court asked "whether the focus of the claims is on the specific asserted improvement in computer capabilities or, instead, on a process that qualifies as an ‘abstract idea’ for which computers are invoked merely as a tool." Ancora Techs., Inc. , 287 F.Supp.3d at 1173 (quoting Enfish , 822 F.3d at 1335–36 ). The court stated that the patent claims are "not focused on how usage of the BIOS to store the verification structure leads to an improvement in computer security" and that "the erasable, non-volatile memory of the BIOS ... is typically used to store data." Id. at 1174. The court concluded that the claims’ "focus is on the abstract concept of selecting a program, verifying whether the program is licensed, and acting on the program according to the verification." Id. Proceeding then to step two of the Alice framework, the district court concluded that the claims contained no "inventive concept" that makes their subject matter something significantly more than the abstract idea: in particular, "[s]pecifying that the BIOS be used to house the verification structure" calls for nothing more than "[s]toring data in the memory of a computer component that generally stores data." Id. at 1175.
The district court issued its final judgment on December 20, 2017. Ancora timely filed a notice of appeal on December 29, 2017. See 28 U.S.C. § 2107(a). We have jurisdiction to hear this appeal pursuant to 28 U.S.C. § 1295(a)(1).
II
We review the Rule 12(b)(6) dismissal de novo. See OIP Techs., Inc. v. Amazon.com, Inc. , 788 F.3d 1359, 1362 (Fed. Cir. 2015) (following Ninth Circuit law). We recently explained:
Eligibility under 35 U.S.C. § 101 is a question of law, based on underlying facts. Like other legal questions based on underlying facts, this question may be, and frequently has been, resolved on a Rule 12(b)(6) or (c) motion where the undisputed facts, considered under the standards required by that Rule, require a holding of ineligibility under the substantive standards of law.
SAP America, Inc. v. InvestPic, LLC , 898 F.3d 1161, 1166 (Fed. Cir. 2018) (internal citations omitted).
Section 101 defines patent-eligible subject matter as "any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof." 35 U.S.C. § 101. Laws of nature, natural phenomena, and abstract ideas are not eligible matter. Mayo Collaborative Servs. v. Prometheus Labs., Inc. , 566 U.S. 66, 70, 132 S.Ct. 1289, 182 L.Ed.2d 321 (2012). A two-step analysis determines whether claim 1 of the ’941 patent falls outside § 101. We ask (1) whether the claim, as a whole, is "directed to" patent-ineligible matter—here, an abstract idea—and (2) if so, whether the elements of the claim, considered individually or as an ordered combination " ‘transform the nature of the claim’ into a patent-eligible application." Alice , 573 U.S. at ––––, 134 S.Ct. at 2355 (quoting Mayo , 566 U.S. at 78, 132 S.Ct. 1289 ). We conclude that claim 1 is not directed to an abstract idea, and therefore we do not reach the second step.
We examine the patent’s " ‘claimed advance’ to determine whether the claims are directed to an abstract idea." Finjan, Inc. v. Blue Coat System, Inc. , 879 F.3d 1299, 1303 (Fed. Cir. 2018). "In cases involving software innovations, this inquiry often turns on whether the claims focus on ‘the specific asserted improvement in computer capabilities ... or, instead, on a process that qualifies as an "abstract idea" for which computers are invoked merely as a tool.’ " Id. (quoting Enfish , 822 F.3d at 1335–36 ); see BSG Tech LLC v. Buyseasons, Inc. , 899 F.3d 1281, 1285–86 (Fed. Cir. 2018). Computers are improved not only through changes in hardware; "[s]oftware can make non-abstract improvements to computer technology ...." Enfish , 822 F.3d at 1335 ; see Finjan , 879 F.3d at 1304. We have several times held claims to pass muster under Alice step one when sufficiently focused on such improvements.
In Enfish , we held that the patent claims at issue were not directed to an abstract idea because the claimed self-referential tables improved the way that computers operated and handled data. The claimed self-referential tables allowed the more efficient launching and adaptation of databases. Enfish , 822 F.3d at 1333, 1336 ; see BSG , 899 F.3d at 1288 (noting that the self-referential table in Enfish "enabled programmers to construct databases in new ways that required less modeling and configuring of various tables prior to launch"); Finjan , 879 F.3d at 1304–05 (describing Enfish ).
In Visual Memory LLC v. NVIDIA Corp. , we drew a similar conclusion about claims focused on a specific improvement in computer memory. 867 F.3d 1253, 1262 (Fed. Cir. 2017). The district court had determined that the claims were directed to the abstract concept of categorical data storage. Id. at 1257. We determined that the district court had erred because the patent was specifically "directed to an improved computer memory system, not to the abstract idea of categorical data storage," and therefore was not directed to an abstract idea. Id. at 1259. The claims were specific and limited to certain types of data to be stored. Id. "None of the claims recite[d] all types and all forms of categorical data storage." Id. As we summarized in BSG , the Visual Memory claims were directed to "an ‘improved memory system’ that configured operational characteristics of a computer’s cache memory based on the type of processor connected to the memory system," allowing "the claimed invention to accommodate different types of processors without compromising performance." 899 F.3d at 1288. This was an improvement in computer functionality. Visual Memory , 867 F.3d at 1260.
In Finjan , we held that claims to a "behavior-based virus scan" were a specific improvement in computer functionality and hence not directed to an abstract idea. 879 F.3d at 1304. The claimed technique of scanning enabled "more flexible and nuanced virus filtering" and detection of potentially dangerous code. Id. The claims thus were directed to "a non-abstract improvement in computer functionality" having the benefit of achieving greater computer security. Id. at 1305.
In Core Wireless Licensing S.A.R.L. v. LG Electronics, Inc. , we held that claims to a method for making websites easier to navigate on a small-screen device were not directed to an abstract idea. 880 F.3d 1356, 1363 (Fed. Cir. 2018). The claimed method involved launching a summary window to allow small-screen users to quickly access commonly used features of a website. Id. at 1359–60. Although the defendant argued that the patent was directed to the abstract idea of indexing information, we determined that the claims were directed to a specific type of index for a specific type of user and so not directed to an abstract idea. Id. at 1362–63.
Most recently, in Data Engine Technologies LLC v. Google LLC , this court held that claims to "a specific method for navigating through three-dimensional electronic spreadsheets" were "not directed to an abstract idea." 906 F.3d 999, 1007 (Fed. Cir. 2018). The method provided "a specific solution to then-existing technological problems in computers and prior art electronic spreadsheets." Id. at 1008. The navigation difficulties of prior-art spreadsheets were addressed "in a particular way—by providing a highly intuitive, user-friendly interface with familiar notebook tabs for navigating the three-dimensional worksheet environment." Id. We distinguished other cases in which we had held claims to be "simply directed to displaying a graphical user interface or collecting, manipulating, or organizing information"; the claims in Data Engine , we concluded, recite "a specific structure (i.e., notebook tabs) within a particular spreadsheet display that performs a specific function (i.e., navigating within a three-dimensional spreadsheet)." Id. at 1010–11.
In accordance with those precedents, we conclude that claim 1 of the ’941 patent is not directed to an abstract idea. Improving security—here, against a computer’s unauthorized use of a program—can be a non-abstract computer-functionality improvement if done by a specific technique that departs from earlier approaches to solve a specific computer problem. See Finjan , 879 F.3d at 1304–05. The claimed method here specifically identifies how that functionality improvement is effectuated in an assertedly unexpected way: a structure containing a license record is stored in a particular, modifiable, non-volatile portion of the computer’s BIOS, and the structure in that memory location is used for verification by interacting with the distinct computer memory that contains the program to be verified. In this way, the claim addresses a technological problem with computers: vulnerability of license-authorization software to hacking. ’941 patent, col. 1, lines 12–35; cf. HTC , 2017 WL 6032605, at *3–5 (PTAB conclusion regarding "technological inventions"). It does so by relying on specific and unique characteristics of certain aspects of the BIOS that the patent asserts, and we lack any basis for disputing, were not previously used in the way now claimed, and the result is a beneficial reduction of the risk of hacking. ’941 patent, col. 1, line 39, through col. 2, line 59; id. , col. 3, lines 4–17; id. , col. 6, lines 59–67. The prosecution history reinforces what the patent itself indicates about the change in previous verification techniques for computer security. See J.A. 283 (examiner stating reasons for allowance, summarizing patent’s solution of "using an agent to set up a verification structure in the erasable, non-volatile memory of the BIOS"); Ancora , 744 F.3d at 735–36 (quoting applicants’ arguments to examiner).
In short, claim 1 of the ’941 patent is directed to a solution to a computer-functionality problem: an improvement in computer functionality that has "the specificity required to transform a claim from one claiming only a result to one claiming a way of achieving it." SAP America, Inc. , 898 F.3d at 1167. It therefore passes muster under Alice step one, as it is not directed to patent-ineligible subject matter. We need not and do not apply step two of the Alice analysis. See Data Engine , 906 F.3d at 1011 ; Finjan , 879 F.3d at 1306 ; Visual Memory , 867 F.3d at 1262.
We do note, in accord with our recognition of overlaps between some step one and step two considerations, Electric Power Group, LLC v. Alstom S.A. , 830 F.3d 1350, 1353 (Fed. Cir. 2016), that our conclusion that the specific improvement in this case passes muster at step one is indirectly reinforced by some of our holdings under step two. For example, in BASCOM Global Internet Services v. AT&T Mobility , we held that claims to a method and system of filtering Internet content using an Internet Service Provider (ISP) server were a "technical improvement over the prior art ways of filtering such content." 827 F.3d 1341, 1350, 1352 (Fed. Cir. 2016). The prior art disclosed two forms of content-filtering systems: software was either (1) "placed on local computers, such that each local computer had its own tool for filtering [content]"; or (2) placed on "a local server" or remote ISP server. Id. at 1343–44. But both of those systems had disadvantages: the former allowed end-user modifications and was difficult to administer; the latter ignored material differences among end users. Id. The claimed invention addressed the disadvantages of the prior art through a filtering system located on an ISP server that used the server’s ability to "to associate an individual user with a specific request" to create individually customizable filtering. Id. In holding the claimed invention eligible under Alice step two, we reasoned that although "[f]iltering content on the Internet was already a known concept, ... the patent describes how its particular arrangement of elements is a technical improvement over the prior art ways of filtering such content." Id. at 1349–50. A similar characterization, we think, applies to the technical improvement claimed in this case and, in light of the line of cases we have discussed above, justifies the conclusion that claim 1 of the ’941 patent is not directed to an abstract idea, but to a computer-functionality improvement.
The contrast with another step-two case, Intellectual Ventures I LLC v. Symantec Corp. , 838 F.3d 1307 (Fed. Cir. 2016), is also instructive. There, one claimed invention required the installation of virus screening software on a telephone network. Id. at 1319. But because the claim at issue did not "recite[ ] any improvement to conventional virus screening software, nor ... solve any problem associated with situating such virus screening on the telephone network," we held that the patent did not identify a sufficient inventive concept under Alice to transform the claimed abstract idea into something patentable. Id. at 1320–21. Nor did the claimed method provide advantages with respect to computer function. Id. at 1320. In the present case, in contrast, the record described above shows that the claimed invention moves a software-verification structure to a BIOS location not previously used for this computer-security purpose and alters how the function is performed (in that the BIOS memory used for verification now interacts with distinct computer memory to perform a software-verification function), yielding a tangible technological benefit (by making the claimed system less susceptible to hacking). Thus, Intellectual Ventures I v. Symantec is consistent with our conclusion.
HTC does not dispute that all claims pass muster if claim 1 does. Accordingly, we hold that HTC has not shown the ’941 patent ’s claims to be invalid under 35 U.S.C. § 101. We do not have before us any question about invalidity under other provisions of Title 35.
III
For the foregoing reasons, we reverse the judgment of the district court and remand the case.
Costs to Ancora.