Opinion
C20-0851 TSZ
10-28-2022
INTERNATIONAL BUSINESS MACHINES CORPORATION, Plaintiff, v. ZILLOW GROUP, INC.; and ZILLOW, INC., Defendant.
ORDER
Thomas S. Zilly United States District Judge
THIS MATTER comes before the Court to construe certain claim terms of United States Patent No. 7,631,346 (the “'346 Patent”) pursuant to Markman v. Westview Instruments, Inc., 52 F.3d 967 (Fed. Cir. 1995), and Phillips v. AWH Corp., 415 F.3d 1303 (Fed. Cir. 2005). Having reviewed the parties' respective opening and responsive briefs and supporting materials, including the patent-in-suit, Ex. 48 to 2d Am. Compl. (Dkt. 156-19), the Court enters the following order.
Background
Plaintiff International Business Machine Corporation (“IBM”) accuses Defendants Zillow Group, Inc., and Zillow, Inc., (together, “Zillow”) of direct and indirect infringement of the '346 Patent. The '346 Patent discloses a method, system, and apparatus to improve single-sign-on technology. See 2d Am. Compl. at ¶ 31 (Dkt. 156); '346 Patent at 2:55-60. To access a web resource at a service provider on the Internet, users typically must authenticate themselves with each service provider. See '346 Patent at 1:38-51. Single-sign-on technology facilitates a user's connection to resources by requiring only one authorization operation, or sign-on, during a particular user session. See id. at 2:4-8. For example, in a single-sign-on environment, users could enter a username and password on the homepage of a service provider and request multiple protected webpages without reentering their credentials, as opposed to entering their credentials multiple times. Id. at 2:19-42.
IBM alleges that Zillow infringes at least Claim 1 of the '346 Patent through its websites and mobile applications by providing a user with a single-sign-on experience. Claim 1 of the '346 Patent, which is an independent claim, discloses
A method for managing user authentication within a distributed data processing system, wherein a first system and a second system interact within a federated computing environment and support single-sign-on operations in order to provide access to protected resources, at least one of the first system and the second system comprising a processor, the method comprising; [sic]
triggering a single-sign-on operation on behalf of the user in order to obtain access to a protected resource that is hosted by the second system, wherein the second system requires a user account for the user to complete the single-sign-on operation prior to providing access to the protected resource;
receiving from the first system at the second system an identifier associated with the user; and
creating a user account for the user at the second system based at least in part on the received identifier associated with the user after triggering the single-sign-on operation but before generating at the second
system a response for accessing the protected resource, wherein the created user account supports single-sign-on operations between the first system and the second system on behalf of the user.'346 Patent at 43:39-61 (emphasis added to highlight disputed claim language). The '346 Patent includes the following diagram of an embodiment of the invention in juxtaposition with the prior art:
(IMAGE OMITTED) Id. at Figs. 1E & 2 (modified). The prior art in Figure 1E shows how a user must sign on (highlighted in yellow) multiple times to access different web domains (highlighted in green). See id. at 10:30-45. The invention of the '346 Patent, embodied in Figure 2, shows how a user may sign on once (highlighted in yellow) to access multiple web domains (highlighted in green), each of which rely on the previous domain or service provider in the stack to authorize the user's access. See id. at 12:34-46.
The '346 Patent also includes the following diagram of an embodiment of the invention:
(IMAGE OMITTED) Id. at Fig. 3 (modified). Figure 3 shows a user signing on (highlighted in yellow) to a device (highlighted in red). See id. at 13:59-65. On that device, a user can access multiple browser applications or other mobile applications (highlighted in green). See Id. at 13:66-14:7. In the patented method, the user signs on to one of the possible applications, and that application then goes through the authentication process (highlighted in blue). See id. at 14:77-55. Through a system of mutual trust, the first application's authentication process allows a user to interact with other applications without signing in again. See id. at 14:56-67.
Discussion
The parties disagree about five of the claim terms in the '346 Patent and provide their proposed constructions for each term, namely “distributed data processing system,” “federated computing environment,” “protected resource(s),” “single-sign-on operation,” and “triggering a single-sign-on operation on behalf of the user.” The Court addresses each term seriatim.
A. Claim Construction Standards
The Court has both the authority and the obligation to construe as a matter of law the meaning of language used in a patent claim. Markman, 52 F.3d at 979. In doing so, the Court must consider the intrinsic evidence in the record, meaning the claims, the specification, and the prosecution history. Id. The words of a patent claim are generally assigned their “ordinary and customary meaning.” Phillips, 415 F.3d at 1312. When the claim terms are clear enough to permit the trier of fact to perform its work, the Court need not engage in further analysis or attempt to rewrite or otherwise alter the language that has received the imprimatur of the United States Patent and Trademark Office (“PTO”). See Ballard Med. Prods. v. Allegiance Healthcare Corp., 268 F.3d 1352, 1358 (Fed. Cir. 2001) (“Markman does not require a district court to follow any particular procedure in conducting claim construction. It merely holds that claim construction is the province of the court, not a jury. . . [a]s long as the trial court construes the claims to the extent necessary to determine whether the accused device infringes, the court may approach the task in any way that it deems best.” (emphasis added)); see also Static Control Components, Inc. v. Lexmark Int'l, Inc., 502 F.Supp.2d 568, 575-76 (E.D. Ky. 2007).
The specification is “the single best guide to the meaning of a disputed term.” Phillips, 415 F.3d at 1315. If the specification reveals a definition given to a claim term that differs from the meaning it would otherwise possess, the inventor's lexicography trumps the ordinary and customary, or dictionary, construction. Id. at 1316. Similarly, the prosecution history evidences how the inventor understood the terms used in the patent. Id. at 1317. Because the prosecution history, however, represents the “ongoing negotiation” between the United States Patent and Trademark Office and the applicant, it might suffer from a lack of clarity and is often less useful for claim construction purposes than the specification. Id. In addition, although the prosecution history “can and should be used to understand the language used in the claims,” it may not itself “enlarge, diminish, or vary” the limitations in the claims. Markman, 52 F.3d at 980.
The ordinary and customary meaning of a claim term is the definition ascribed to it by “a person of ordinary skill in the art in question at the time of the invention.” Phillips, 415 F.3d at 1313. The context in which a claim term is used might also be instructive. Id. at 1314. In addition, the other claims of a patent might illuminate the meaning of a term, through consistent usage of the same term, or inclusion in a dependent claim of an additional term not present in the related independent claim. Id. at 1314-15.
B. Disputed Claim Terms
1. Distributed Data Processing System
The parties agree to the introductory phrase “computers connected through a network” as a construction for a “distributed . . . system,” but the agreement stops there. IBM asks the Court to define the “distributed data processing system” claim language as meaning “computers connected through a network that perform data processing.” See IBM Op. Br. at 2 (Dkt. 203 at 6). Zillow counters that “distributed data processing system” should be understood as “computers connected through a network in which application transaction programs distributed among interconnected processors of different federation members in different network domains cooperate to complete a particular transaction initiated by a user interaction with an application at a processor of one federation member in one domain.” Zillow Op. Br. at 13 (Dkt. 201).
Zillow offers a definition that it cobbled together from two dictionaries, namely the IBM Computing Dictionary and the Microsoft Computing Dictionary. See Ex. A to Peaslee Decl. (Dkt. 202-1 at 6-7); Ex. B to Peasleee Decl. (Dkt. 202-2 at 4). In doing so, Zillow overlooks the IBM Computing Dictionary's first two definitions, “(1) Data processing in which some or all of the processing . . . are dispersed among data processing stations” and “(2) Processing that takes place across two or more linked systems,” which more aptly fit this case. Ex. A to Peaslee Decl. (Dkt. 202-1 at 6). The '346 Patent uses the “data processing system” claim language to describe an environment in which the patented technology performs its function. See '346 Patent at 13:59-63 (“a block diagram depicts the integration of pre-existing data processing systems at a given domain . . .”). The claim language does not describe the behavior of the system itself, as Zillow's proposed construction suggests.
The errors in Zillow construction are not limited to misapplication of dictionary definitions. Zillow's proposed construction repeats verbiage that already appears in Claim 1 of the '346 Patent. Zillow asks this Court to define “data processing” in light of a “federation member,” which ostensibly would be a member of the patent's “federated environment.” Zillow Op. Br. (Dkt. 201 at 3); '346 Patent at 11:42-43. Thus, using Zillow's proposed claim construction would result in an unnecessary redundancy. The Court will not define this claim term by referring to a different term that appears elsewhere in the claims. See Apple, Inc. v. Ameranth, Inc., 842 F.3d 1229, 1237 (Fed. Cir. 2016).
By contrast, IBM's suggested language describes a network environment wherein the technology described in the patent functions. See '346 Patent at 43:39 (“. . . within a distributed data processing system”). The agreed addition of “computers connected through a network” is an accurate construction of the claim language, and the remainder of IBM's construction does not disturb the language approved by the PTO. See Ballard Med., 268 F.3d at 1358; see also Static Control, 502 F.Supp.2d at 575-76. The Court therefore adopts IBM's proposed construction.
2. Federated Computing Environment
The Federal Circuit's previous construed of this exact language in this patent. See Int'l Bus. Machs. Corp. v. Iancu, 759 Fed.Appx. 1002, 1007-08 (Fed. Cir. 2019). In Iancu, the Patent Trial and Appeal Board (“PTAB”) had previously construed “federated computing environment” to mean:
an environment having a loosely coupled affiliation of entities that adhere to certain standards of interoperability; the federation provides a mechanism for trust among those entities with respect to certain computational operations for the users within the federation.Id. at 1007 (emphasis in original). In Iancu, Federal Circuit vacated the PTAB's decision and remanded for further proceedings. Id. at 1012. In its review, the Federal Circuit looked to the '346 Patent's specification, which states: “In the context of the present invention, a federation is a set of distinct entities, such as enterprises, organizations, institutions, etc., that cooperate to provide a single-sign-on, ease-of-use experience to a user.” See id. at 1007 (quoting '346 Patent at 10:62-64.) The Federal Circuit held that, instead of the term “entities,” a federated computing environment “requires a plurality of distinct enterprises.” Id. at 1008.
The Court takes its guidance from the Federal Circuit, as it must. Consistent with IBM's proposal, see IBM Op. Br. at 4 (Dkt. 203), as well as Zillow's interpretation, see Zillow Op. Br. at 16 (Dkt. 211-1), the Court construes “federal computing environment” to mean:
Zillow suggests substituting for “plurality of distinct enterprises” the phrase “plurality of distinct entities, such as enterprises, organizations, institutions, etc.” Zillow Op. Br. at 16. The Court sees no substantive difference in the wording and opts for the simpler version, which was articulated by the Federal Circuit.
an environment having a loosely coupled affiliation of a plurality of distinct enterprises that adhere to certain standards of interoperability; the federation provides a mechanism for trust among those enterprises with respect to certain computational operations for the users within the federation.
3. Protected Resource(s)
IBM offers the construction that “protected resource(s)” means “an application, an object, a document, a page, a file, executable code, or other computational resource, communication-type resource, etc., identified by a Uniform Resource Locator (URL), or more generally, a Uniform Resource Identifier (URI), that can only be accessed by an authenticated and/or authorized user.” IBM Op. Br. (Dkt. 201 at 22). In response, Zillow offers the construction of “resource(s) controlled by a plurality of enterprises that can only accessed by an authenticated or authorized user.” Zillow Op. Br. at 19 (Dkt. 211-1).
IBM's definition comes directly from the specification, which is “the single best guide to the meaning of a disputed term.” Phillips, 415 F.3d at 1315. When “the specification[] reveal[s] a special definition given to a claim term by the patentee that differs from the meaning it would otherwise possess . . . the inventor's lexicography governs.” Phillips, 415 F.3d at 1316. The specification states that
Another district court has adopted the same construction. See Int'l Bus. Machines. Corp. v. Priceline Grp. Inc., 2016 WL 6405824, at *19 (D. Del. Oct. 28, 2016).
A protected or controlled resource is a resource (an application, an object, a document, a page, a file, executable code, or other computational resource, communication-type resource, etc.) for which access is controlled or restricted. A protected resource is identified by a Uniform Resource Locator (URL), or more generally, a Uniform Resource Identifier (URI), that can only be accessed by an authenticated and/or authorized user.'346 Patent at 5:60-67. The language of the specification normally would end the matter, but as Zillow points out, the Federal Circuit also has spoken on the issue. The Court must give that guidance due weight.
Zillow argues that the method of the '346 Patent only makes sense if the “protected resource(s)” to which a user seeks access are controlled by a plurality of enterprises. In support, Zillow cites to Iancu, where the Federal Circuit said that the '346 Patent seeks
to ease user authentications, through single-sign-on techniques, when the resources to which a user seeks access are not within the unitary control of a single enterprise but, instead, are controlled by a plurality of enterprises who must make cooperative arrangements to establish trust mechanisms to meet
the greater challenges of simplifying user access when unitary control is missing.759 Fed. App'x at 1007. The Iancu Court added that “[b]eing federated . . . presupposes the absence of the unitary control that a single enterprise could exercise over its own resources.” Id. Zillow says that this language impliedly requires the inclusion of the necessary limitation “controlled by a plurality of enterprises.”
Zillow misreads Iancu. In the above-quoted passage, the Iancu Court was addressing the claim language “federated computing environment.” It was not addressing the definition of a “protected resource.” In Iancu, the Federal Circuit explained that the plurality of resources are controlled by a plurality of enterprises. It did not opine that each individual resource is controlled by a plurality of enterprises. By improperly relying on Iancu's prescription regarding different claim language, Zillow seeks to add the extraneous limitation that “protected resource(s)” must be “controlled by a plurality of enterprises.”
Indeed, the '346 Patent already includes the limitation that Zillow wishes to include, albeit in a different place. The '346 Patent already includes the limitation that the transactions contemplated by the patent require multiple enterprises. The '346 Patent does so in the claim language “federated computing environment,” as Iancu discusses. The '346 Patent does not do so, however, in the language “protected resources.” Thus, in addition to misinterpreting Iancu, Zillow's proposed construction is duplicative. See Apple, 842 F.3d at 1237.
Zillow's proposed construction also contradicts the Federal Circuit's instruction that every term in a claim should be given meaning. See, e.g., Pause Tech., LLC v. TiVo, Inc., 419 F.3d 1326, 1334 (Fed. Cir. 2005); Exxon Chem. Patents, Inc. v. Lubrizol Corp., 64 F.3d 1553, 1557 (Fed. Cir. 1995). Zillow defines “resource(s)” to mean “resource(s).” Zillow Op. Br. at 17 (Dkt. 201). That proposed definition does not give the term meaning. Zillow also gives no conceivable explanation for what makes these resource(s) “protected,” other than their control by multiple enterprises. As such, Zillow's proposed construction does not give each claim term the “respect that it is due.” Pause, F.3d at 1334. The Court adopts IBM's definition, which comes directly from the specification. Iancu does not require a different result.
4. Single-Sign-On Operation
As with the claim language “federated computer environment,” the Federal Circuit has spoken as to the claim language “single-sign-on operation.” While discussing the '346 Patent, the Federal Circuit held that a “‘single-sign-on operation' . . . is one that does not require the user to take [an] action to gain access to a second entity's resources after the user has been authenticated with a first entity.” Iancu, 759 Fed.Appx. at 1009. The Federal Circuit reasoned from the specification that the definition of “authentication” means “the process of validating a set of credentials that are provided by a user or on behalf of a user,” Id. at 1008-09 (quoting '346 Patent at 9:50-51), and that a user “‘perform[s]' an authentication when the user takes an action that provides credentials, or that plays a role in launching a provision of credentials on the user's behalf, to obtain access to resources.” Id. at 1009. Given the Federal Circuit's guidance, the Court construes “single-sign-on operation” to mean:
a process by which a user is not required take an action that provides credentials, or that plays a role in launching a provision of credentials on the user's behalf, to gain access to a second entity's resources after the user has been authenticated with a first entity.
This interpretation is consistent with Zillow's proposed instruction, see Zillow Op. Br. at 20 (Dkt. 211-1), but the clauses in Zillow's construction have been reversed to conform with the Federal Circuit's guidance.
5. Triggering a Single-Sign-On Operation on Behalf of the User
Zillow proposes that the Court construe “triggering” to mean “automatically initiating,” and “on behalf of the user” to mean “when an event occurs that requires an authentication that the user has not requested.” These modifications are unnecessary and the Court declines to adopt them. Zillow's construction, particularly the second clause, improperly imports limitations into the claims at issue. Armed with the Court's interpretation of “single-sign-on operation,” and the ordinary meanings of the words “triggering” and “on behalf of the user,” a trier of fact could perform its work, and the Court agrees with IBM that no further construction is necessary.
Conclusion
For the foregoing reasons, the Court ORDERS:
(1) The term “data processing system” is interpreted as meaning “computers connected through a network that perform data processing.”
(2) The term “federated computer environment” is interpreted as meaning “an environment having a loosely coupled affiliation of a plurality of distinct enterprises that adhere to certain standards of interoperability; the
federation provides a mechanism for trust among those enterprises with respect to certain computational operations for the users within the federation.”
(3) The term “protected resource(s) is interpreted as meaning “an application, an object, a document, a page, a file, executable code, or other computational resource, communication-type resource, etc., identified by a Uniform Resource Locator (URL), or more generally, a Uniform Resource Identifier (URI), that can only be accessed by an authenticated and/or authorized user.”
(4) The term “single-sign-on operation” is interpreted as meaning “a process by which a user is not required take an action to provide credentials, or that plays a role in launching a provision of credentials on a user's behalf, to gain access to a second entity's resources after the user has been authenticated with a first entity.”
(5) In light of the Court's other interpretations, the term “triggering a singlesign-on operation on behalf of the user” need not be further construed.
(6) The Clerk is directed to send a copy of this Order to all counsel of record.
IT IS SO ORDERED.