Opinion
Case No. 19-cv-01206-EMC
07-02-2020
TRUSTED KNIGHT CORPORATION, Plaintiff, v. INTERNATIONAL BUSINESS MACHINES CORPORATION (IBM), Defendant.
ORDER RE CLAIM CONSTRUCTION
I. INTRODUCTION
Plaintiff Trusted Knight Corporation ("Trusted Knight") brings this action against Defendant International Business Machines Corporation ("IBM"), accusing IBM of infringing Trusted Knight's United States Patent No. 9,503,473 ("the '473 Patent"). On June 2, 2020, the parties appeared before the Court for a claim construction hearing, and on June 9, 2020, the parties submitted supplemental briefing on the role that predecessor claims play in the construction of subsequent claims. The parties have asked the Court to construe only one term, which appears in claims 1, 11, 22, and 26 of the '473 patent.
Originally, the parties asked the Court to construe two terms, but shortly before the claim construction hearing, the parties notified the Court that they had agreed to construe the term "an Application Programming Interface (API) stack," as "an API stack, accessed by a web browser application, including web browser and operating system APIs." See Transcript of June 2, 2020 Proceedings at 4, Docket No. 86. Accordingly, the Court adopts the parties' agreed upon construction of the term "an Application Programming Interface (API) stack."
II. BACKGROUND
A. The '473 Patent
Trusted Knight filed this lawsuit against IBM on March 5, 2019, alleging infringement of its '473 patent, which issued on November 22, 2016. See Docket No. 1. The '473 patent is entitled "Apparatus, System, and Method for Protecting Against Keylogging Malware," and it "relates to systems and methods for preventing key logger malware that utilizes form grabbing techniques to steal financial and identity information from users' browsers." See '473 Patent at 1:21-24. The patent contends that "[k]ey logging is a method of capturing keyboard input to a computer or computing device," which "is a common technique for obtaining passwords and sensitive information using unauthorized software." Id. at 1:50-53. This is the second patent infringement case between the parties, as Trusted Knight explains: "The first case involved U.S. Patent No. 8,316,445 ('the '445 Patent') which is an ancestor of the '473 Patent. The '473 Patent incorporates by reference the entire disclosure of the '445 Patent." See Opening Claim Construction Brief ("Opening Brief") at 4, Docket No. 62.
On March 28, 2019, IBM filed an answer and counterclaim against Trusted Knight, seeking a declaration of patent non-infringement and a declaration of patent invalidity. See Docket No. 16. Claim construction briefing was completed on May 1, 2020. See Docket Nos. 62, 67, and 71. The Court held a tutorial via Zoom webinar on May 15, 2020. See Docket No. 77. B. The Relevant Claims
The text of the relevant claims is provided below (with term to be construed in bold).
1. Claim 1
1. A method for preventing software key logging executable by a microprocessor, comprising:
installing and maintaining an anti-key lodger [sic] at a most privileged access level for browser events in an Application Programming Interface (API) stack; detecting, by the anti-key logger, a browser form Submission initiation call event associated with data inputs entered by a user, wherein the form submission initiation call event is an OnSubmit call event or a Before Navigate call event; submitting the data
inputs to a designated entity; and clearing, by the anti-key logger, confidential data from the data inputs to protect against the threat of key logging malware capturing the confidential data.
2. Claim 11
11. A computer program product to prevent Software key logging including computer program code embedded in a non-transitory microprocessor-readable storage medium executable by a microprocessor, which when executed on the microprocessor, implements a method, comprising:
installing and maintaining an anti-key logger at a most privileged access level for browser events in an Application Programming Interface (API) stack; detecting, by the anti-key logger, a browser form Submission initiation call event associated with data inputs entered by a user, wherein the form submission initiation call event is an OnSubmit call event or a Before Navigate call event; submitting the data inputs to a designated entity; and clearing, by the anti-key logger, confidential data from the data inputs, thereby protecting against the threat of key logging malware capturing the confidential data.
3. Claim 22
22. A method for preventing software key logging executable by a microprocessor, comprising:
installing and maintaining an anti-key logger at a most privileged access level for browser events in an Application Programming Interface (API) stack; detecting, by the anti-key logger, a browser form Submission initiation call event associated with data inputs entered by a user in a user input area of a web page, wherein the form submission initiation call event is an OnSubmit call event or a BeforeNavigate call event; submitting the data inputs to a designated entity; identifying form input fields on the web page having confidential data; clearing, by the anti-key logger, the confidential data to prevent capture of the confidential data by key logging malware; and wherein the clearing of the confidential data is performed regardless
of whether or not key logging malware is present.
4. Claim 26
26. A computer program product to prevent Software key logging including computer program code embedded in a non-transitory microprocessor-readable storage medium executable by a microprocessor, which when executed on the microprocessor, implements a method, comprising:
installing and maintaining an anti-key logger at a most privileged access level for browser events in an Application Programming Interface (API) stack; detecting, by the anti-key logger, a browser form Submission initiation call event associated with data inputs entered by a user in a user input area of a web page, wherein the form submission initiation call event is an OnSubmit call event or a BeforeNavigate call event; submitting the data inputs to a designated entity; identifying form input fields on the web page having confidential data; clearing, by the anti-key logger, the confidential data to prevent capture of the confidential data by key logging malware; and wherein the clearing of the confidential data is performed regardless of whether or not key logging malware is present.
III. DISCUSSION
A. Legal Standard
Claim construction is a question of law, although it may have factual underpinnings. See Icon Health & Fitness, Inc. v. Polar Electro Oy, 656 Fed. App'x 1008, 1013 (Fed. Cir. 2016); see also Multilayer Stretch Cling Film Holdings, Inc. v. Berry Plastics Corp., 831 F.3d 1350, 1357 (Fed. Cir. 2016). It "serves to define the scope of the patented invention and the patentee's right to exclude." HTC Corp. v. Cellular Communs. Equip., LLC, 877 F.3d 1361, 1367 (Fed. Cir. 2017); see also O2 Micro Int'l Ld. v. Beyond Innovation Tech. Co., 521 F.3d 1351, 1360 (Fed. Cir. 2008) (stating that the purpose of claim construction is "to determin[e] the meaning and scope of the patent claims asserted to be infringed") (internal quotation marks omitted).
Claim construction proceeds according to important principles of interpretation. First, "the claims of a patent define the invention," Innova/Pure Water, Inc. v. Safari Water Filtration Sys., Inc., 381 F.3d 1111, 1115 (Fed. Cir. 2004). The words of a claim are generally given their "ordinary and customary meaning," which is the "meaning that the term would have to a person of ordinary skill in the art in question at the time of the invention." Phillips, 415 F.3d at 1312-13. "The inquiry into how a person of ordinary skill in the art understands a claim term provides an objective baseline from which to begin claim interpretation." Id. at 1313. Such a person "read[s] the claim term not only in the context of the particular claim in which the disputed term appears, but in the context of the entire patent, including the specification." Id.
"In some cases, the ordinary meaning of claim language as understood by a person of skill in the art may be readily apparent even to lay judges, and claim construction in such cases involves little more than the application of the widely accepted meaning of commonly understood words." Id. at 1314. In other instances, however, claim language requires interpretation. In construing claim language, the court looks to "those sources available to the public that show what a person of skill in the art would have understood disputed claim language to mean," including "the words of the claims themselves, the remainder of the specification, the prosecution history, and extrinsic evidence concerning relevant scientific principles, the meaning of technical terms, and the state of the art." Id. (quotations and citations omitted).
"[T]he claims themselves provide substantial guidance as to the meaning of particular claim terms." Id. at 1314. The "context in which a term is used in the asserted claim," "[o]ther claims of the patent in question, both asserted and unasserted," and "[d]ifferences among claims" are all instructive. Id. "The claims, of course, do not stand alone" and instead "must be read in view of the specification," which is "[u]sually . . . dispositive" and "the single best guide to the meaning of a disputed term." Id. at 1315.
Courts "normally do not interpret claim terms in a way that excludes disclosed examples in the specification." Verizon Servs. Corp. v. Vonage Holdings Corp., 503 F.3d 1295, 1305 (Fed. Cir. 2007). However, in general, "limitations from the specification are not to be read into the claims." Comark Commc'ns, Inc. v. Harris Corp., 156 F.3d 1182, 1186 (Fed. Cir. 1998). That is because "the purposes of the specification are to teach and enable those of skill in the art to make and use the invention and to provide a best mode for doing so." Phillips, 415 F.3d at 1323. The effect and force of specifications varies. "[U]pon reading the specification in that context, it will become clear whether the patentee is setting out specific examples of the invention to accomplish those goals, or whether the patentee instead intends for the claims and the embodiments in the specifications to be strictly coextensive." Id.
In addition to consulting the specification, "the court should also consider the patent's prosecution history." Markman v. Westview Instruments, Inc., 52 F.3d 967, 980 (Fed. Cir. 1995), aff'd, 517 U.S. 370 (1996) (citing Graham v. John Deere Co., 383 U.S. 1, 33 (1966)). However, because the "prosecution history represents an ongoing negotiation between the [Patent and Trademark Office] and the applicant," it "often lacks the clarity of the specification" and therefore "is less useful." Phillips, 415 F.3d at 1317.
Though intrinsic evidence—the claims, specification, and prosecution history—is more significant and reliable than extrinsic evidence, courts may also consider the extrinsic record in claim construction, including expert and inventor testimony, dictionaries, and learned treatises. Id. at 1317-18. "Within the class of extrinsic evidence, . . . dictionaries and treatises," "especially technical dictionaries . . . can assist the court in determining the meaning of particular terminology to those of skill in the art" because they "endeavor to collect the accepted meanings of terms used in various fields of science and technology." Id. at 1318.
Further, expert testimony can "provide background on the technology at issue, to explain how an invention works, to ensure that the court's understanding of the technical aspects of the patent is consistent with that of a person of skill in the art, or to establish that a particular term in the patent or the prior art has a particular meaning in the pertinent field." Id. However, "conclusory, unsupported assertions" are not useful, nor should the court accept expert testimony "that is clearly at odds with the claim construction mandated by the claims themselves, the written description, and the prosecution history." Id. (quotation and citation omitted). /// /// /// /// B. Analysis
| Trusted Knight'sProposal | No construction necessary.If construed, the term means "position so that it preventsmalware from having a superior level of access." |
|---|---|
| IBM's Proposal | "kernel level" |
The term to be construed is "most privileged access level." Trusted Knight maintains that the term does not require construction, as it "can be readily understood by a person of ordinary skill in the art as having its plain and ordinary meaning without the need for any special construction." Opening Brief at 1. However, it also provides a proposed construction, should the Court determine that construction is necessary. Id. at 2. For its part, IBM believes that claim construction is necessary, and it urges the Court to construe the claims more narrowly than Trusted Knight believes is appropriate.
In particular, Trusted Knight proposes that if construction is necessary, the term should be construed as "position so that it prevents malware from having a superior level of access." Id. at 10. IBM contends that the term has no plain and ordinary meaning and should be construed as "kernel level." IBM's Responsive Claim Construction Brief ("Responsive Brief") at 6-7, Docket No. 67. In essence, Trusted Knight asks the Court to furnish the term with a relative meaning ("position so that it prevents malware from having a superior level of access"), while IBM asks the Court to adopt an absolute construction of the term ("kernel level"). It is Trusted Knight's contention that IBM's construction is an attempt to "narrow" or "limit the scope of the claims to avoid infringement." Opening Brief at 10.
The parties clearly disagree about the scope of this term, which presents the Court with a dispute it must resolve. "It is not the meaning of the words that determines whether a term needs to be construed; rather, it is whether there is an actual dispute over the scope of the term." Simpson Strong-Tie Co., Inc. v. Oz-Post Int'l, LLC, 373 F. Supp. 3d 1288, 1294 (N.D. Cal. 2019); O2 Micro, 521 F.3d at 1362 ("When the parties present a fundamental dispute regarding the scope of a claim term, it is the court's duty to resolve it.").
In resolving the interpretative dispute presented by the parties, the Court must determine whether "most privileged access level" has a plain and ordinary meaning or whether claim construction is necessary. While it may sometimes be "readily apparent" that a term has an "ordinary meaning . . . as understood by a person of skill in the art," the Court does not find a plain and ordinary mean of the term "most privileged access level" to be "readily apparent" such that nothing "more than the application of the widely accepted meaning of commonly understood words" will be required. Id. at 1313-14. The declaration submitted by Trusted Knight does not convince the Court that a person of ordinary skill in the art would conclude otherwise. The declaration from Adam Sorini, a computer scientist at Exponent (an engineering and scientific consulting firm), states:
No construction is needed for the term "most privileged access level." This term has a plain and ordinary meaning that is readily understood by a POSITA to a reasonable degree of certainty. In the context of the '473 Patent and its invention for protecting against form grabbing malware, "most privileged access level" refers to a level of access superior to any other software components (including malware, if present) accessing sensitive data in the browser memory space.Declaration of Adam Sorini ("Sorini Decl.") ¶ 46, Docket No. 62-1.
However, Mr. Sorini's allegation is conclusory, and offers the Court little more than his conclusion that the tern "has a plain and ordinary meaning that is readily understood by a POSITA." Id.; see also id. ¶ 53 ("[I]t is my opinion that the term 'most privilege [sic] access level' does not require construction."). For its part, IBM has submitted a declaration from Patrick McDaniel, a computer science professor (at Pennsylvania State University), who testified that "'most privileged access level' is meaningless to a person having ordinary skill in the art." Declaration of Patrick McDaniel ("McDaniel Decl.") ¶ 6, Docket No. 69. In support of that contention, he noted that the term is not "commonly used," does not have a "commonly understood meaning," lacks a "dictionary definition," and that, were a person of ordinary skill in the art to see the term in isolation, he or she "would be forced to ask: the 'most privileged access level of what?'" Id. ¶¶ 58, 59. The lack of a readily apparent plain and ordinary meaning - combined with Trusted Knight's failure to present any convincing evidence that a person of ordinary skill in the art could readily understand the term as having a plain and ordinary meaning - requires the Court to construe the term. To do so, it looks to "those sources available to the public that show what a person of skill in the art would have understood disputed claim language to mean," including "the words of the claims themselves, the remainder of the specification, the prosecution history, and extrinsic evidence concerning relevant scientific principles, the meaning of technical terms, and the state of the art." Phillips, 415 F.3d at 1314.
First, the Court looks to the words of the claims themselves. Phillips, 415 F.3d at 1314. On this issue, the Court notes the term disputed by the parties is "most privileged access level," not "more privileged access level." While the word most does not necessarily foreclose the construction advanced by Trusted Knight ("position so that it prevents malware from having a superior level of access"), it suggests reference to the zero-ring level for two reasons: (1) because the word most is a superlative word which typically refers to one thing - that which enjoys supremacy above all else, and (2) because, the zero-ring level is, as the '473 Patent states, "the level with the most privileges . . . also known as the kernel level." '473 Patent 8:50-53 (emphasis added). Put differently, if the zero-ring level is without dispute literally the level with the most privileges and access, it is thus the "most privileged access level."
As the patents indicate, and as the parties explained both in their briefing and at the technology tutorial, computer operating systems have different "ring levels" at which different programs operate. The "kernel level" or "zero-ring level" (or Ring 0 level) is considered the most privileged; it interacts with physical hardware, like the computer processing unit and memory. The "user level" or "Ring 3 level" is the least privileged level; it is typically where software processes run.
Indeed, the parties reached a conclusion involving these very claim terms in earlier litigation. In 2015, the parties participated in a claim construction proceeding regarding several disputed terms in the predecessor '445 Patent. See Trusted Knight Corp. v. Int'l Bus. Machines Corp., No. CV 14-1063-LPS-CJB, 2015 WL 7307134 (D. Del. Nov. 19, 2015), judgment entered sub nom. Trusted Knight Corp. v. Int'l Bus. Machines Corp. & Trusteer, Inc., No. CV141063LPSCJB, 2015 WL 13123196 (D. Del. Dec. 23, 2015), and aff'd, 681 F. App'x 898 (Fed. Cir. 2017) (available at Docket No. 62-5 in this case). In that proceeding, the parties agreed to construe the term "0-ring level" (which the parties agree here is synonymous with "kernel level") as "most privileged access level." Id. at *7. Trusted Knight argues IBM should not now be permitted to "revers[e] course and argu[e] that this claim is somehow unclear or indefinite." Reply Claim Construction Brief ("Reply") at 13. Instead, Trusted Knight asks the Court to ignore the fact that the parties previously agreed to equate the meaning of these two terms. When asked to clarify why the parties had previously agreed to construe the term "zero-ring level," IBM explained that the parties previously believed it "was not a terminology . . . amenable to a jury" and so the parties sought language that would be more "readily understood." Transcript at 29. Trusted Knight did not meaningfully disagree this contention. See, e.g., id. at 7 ("Here's this term in the claim. We want to make it understandable. We think that 'zero-ring level,' in the context of the claim, is not understandable. It's confusing."). The parties' prior agreement equating "zero-ring level" with "most privileged access level," is consistent with IBM's current construction. Construction of the predecessor '473 Patent is highly informative to the dispute herein.
Trusted Knight argues that the invention taught by the '473 can operate at different levels, including at the ring-three level and thus the operation of invention would be inconsistent with IBM's construction. See Transcript at 24-25. However, the invention described in the '473 Patent can be installed at the zero-ring level but operate at the three-ring level. See Transcript at 52, 54, 63. Indeed, Trusted Knight highlights this distinction in its supplemental briefing, noting that "[t]he Court recognized that in order to encompass the anti-form-grabbing embodiments covered by the '473 Patent's claims, the anti-key logger necessarily may 'operate' or be 'embodied' in user space and still be 'installed' in the kernel level." Docket No. 88 at 4.
IBM's construction is supported by the specifications. First, all of the embodiments in the '473 Patent describe the zero-ring level, and none show installation other than at the zero-ring level. While the Court is mindful that importing limitations from the specification is inappropriate, see, e.g., Teleflex, Inc. v. Ficosa N. Am. Corp., 299 F.3d 1313, 1328 (Fed. Cir. 2002) (noting that the district court erred by important a limitation from the specification into the claim); CollegeNet, Inc.v. ApplyYourself, Inc., 418 F.3d 1225, 1231 (Fed. Cir. 2005) ("[T]his court will not at any time import limitations from the specification into the claims."), it also notes that it is appropriate to consider the specification for proper context about the meaning of a contested term, see CollegeNet, 418 F.3d at 1231; AquaTex Indus., Inc. v. Techniche Sols., 419 F.3d 1374, 1382 (Fed. Cir. 2005) (looking to "[t]he combined teachings within the specification" for evidence of how one of ordinary skill in the art would understand a term). Here, the fact that all of the embodiments in the '473 Patent describe installation at the zero-ring level suggests that installation at the zero-ring level is what is contemplated by the '473 Patent. Put differently, there is no indication from the embodiments that the patentee meant to cover anything other than installation at the zero-ring level.
Second, the patent also purports to protect against all of the following:
Window title enumeration using FindWindow( )'473 Patent 9:25-38. However, at the hearing, IBM argued that protection against at least some of the listed threats would require installation at the zero-ring level. See Transcript at 48-50. Although Trusted Knight challenged the notion that protection against all of these threats would require installation at the zero-ring level, it conceded that protection against some of them would require installation at that level:
BHO or Firefox Browser Extension hooks
LSP (Layered Service Provider)
DDE (Dynamic Data Exchange) using WWW GetWin dowinfo topic
OLE (Object Linking and Embedding) using IWeb Browser2
API Hooking (e.g. Wininet HttpSendRequest)
Windows Hooking (e.g. SetWindowsHookEx, WH GET MESSAGE/WH KEYBOARD)
Form grabber key loggers
Browser location (current URL) gatherers
THE COURT: Well, but let me ask you. To protect against API hooking, you need protection, I assume, at the zero-ring level. Correct?Id. at 58. In addition, Trusted Knight did not challenge the fact that, as for threats that do not require installation at the zero-ring level, protection could still be provided if installation occurred there. Id. at 52-53. Hence the embodiments highlighted by Trusted Knight would not be categorically excluded if installation were to be required at the kernel- or zero-ring level. Id.
MR. GUPTA: And, Your Honor, Diagram 7 -- if you could pull that up, please, Max -- you know, I think makes this pretty clearly. So, yeah, for hook-based keyloggers, Your Honor, that's where they live, and that's where you want the protection in the kernel space, and that's the relevant most privileged access level.
Finally, the scope of the '445 Patent also indicates that the invention is installed at the zero-ring level. See, e.g. '445 Patent at 7:39-43 ("This invention protects against malicious form-grabbing software and stops it from capturing passwords and other data. Initially, software in accordance with the present invention installs itself at the 0 ring level for all browser events within a stack.") (emphasis added). Trusted Knight seeks to disavow the force of the '445 Patent and its specifications, arguing that the prior claims of the '445 Patent were "absolutely not relevant." Transcript, at 63. Trusted Knight contends that "the claims of a predecessor patent are not binding on the scope of a successor patent," see Docket No. 88 at 1, and that the scope of the '473 Patent is in fact different from the scope of the '445 Patent, id. at 2. Specifically, it contends that "[t]he '473 Patent's claims are specifically tailored to defeating form-grabbing keyloggers in user space, whereas the (now invalid) '445 Patent's claims were tailored to defeating both hook-grabbing key loggers and form-grabbing key loggers." Id. at 3. This makes it "inappropriate to look to references in the '445 Patent's specification and claims when interpreting the scope and proper construction of the '473 Patent's claims." Id. at 4. However, this position is directly contradicted by arguments advanced by Trusted Knight at the claim construction hearing:
THE COURT: Let me stop you right there. So when you say -- as I understand, what you're saying is that this was an attempt to really bring clarity to the '445 on this point, not to change the nature or the scope of the invention?Transcript at 8, 60, 64. Trusted Knight agrees the '473 Patent does not exceed the scope of the '445 Patent. That the '445 Patent involves software that inserts and executes at a zero-ring level in an API stack, see, e.g., '445 Patent at 11:37-39, counsels strongly in favor of construing the term "most privileged access level" to mean "zero-ring level."
MR. GUPTA: Oh, absolutely not, no. I mean, Your Honor, I'm sure that my brothers here representing IBM would never allow a scope in the change, nor would that be appropriate.
. . .
THE COURT: All right. How do you explain -- going to the '445, which is relevant because that defines the scope. You can't exceed the scope of the '445.
MR. GUPTA: Correct.
. . .
MR. GUPTA: We should absolutely be held to the specification of the '445 because it's the same specification in the '473.
To be sure, several of the claim terms of the '445 Patent were found to be indefinite, and several claims were invalidated on that basis. See Trusted Knight, 2015 WL 7307134, at *7 (finding "In response to the software key logging through the API stack to an internet communication port" and "a process of passing the encrypted data to a 3-ring level where a hook inserted by a hook-based key logger" to be indefinite); see also Trusted Knight Corp. v. Int'l Bus. Machines Corp., 681 F. App'x 898, 904 (Fed. Cir. 2017) (affirming district court ruling and holding that claims 21 and 23 were invalid for indefiniteness). However, those determinations were not made on grounds relevant here. Invalidated claims do not "cease to be a part of the intrinsic record merely because they are invalid." Docket No. 87 (IBM's Supplemental Brief) at 2 (citing Texas Digital Sys., Inc. v. Telegenix, Inc., 308 F.3d 1193, 1202 (Fed. Cir. 2002) ("When a patent is granted, prosecution is concluded, the intrinsic record is fixed, and the public is placed on notice of its allowed claims.")). Likewise, "district courts have considered indefinite claims when construing other claims in the same patent." Id. (citing Network-1 Sec. Sols., Inc. v. Cisco Sys., Inc., 692 F. Supp. 2d 632, 640, 643 (E.D. Tex. 2010) (citing language in indefinite claims 1 and 4 for constructions of two of the terms to be construed)). --------
IV. CONCLUSION
For the foregoing reasons, the Court construes the term "most privileged access level" to mean "zero-ring level." As noted above, the parties agree that "kernel level" and "zero-ring level" are the same thing; the Court adopts the term "zero-ring level" because that was the term agreed to by the parties in their prior litigation and its meaning will be comprehensible to the jury.
IT IS SO ORDERED. Dated: July 2, 2020
/s/_________
EDWARD M. CHEN
United States District Judge