Informatica Corporation v. Protegrity Corporation
Patent Trial and Appeal Board, May 31, 2016
09027585 (P.T.A.B. May 31, 2016)

Trials@uspto.gov, 571.272.7822
Paper No. 38, Entered: May 31, 2016

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

INFORMATICA CORPORATION, Petitioner,
v.
PROTEGRITY CORPORATION, Patent Owner.

CBM2015-00021
Patent 6,321,201 B1

Before KEVIN F. TURNER, MEREDITH C. PETRAVICK, and GREGG I. ANDERSON, Administrative Patent Judges.

TURNER, Administrative Patent Judge.

FINAL WRITTEN DECISION
Covered Business Method Patent Review
35 U.S.C. § 328(a) and 37 C.F.R. § 42.73

I. INTRODUCTION

A. Background

Informatica Corporation (“Petitioner”) filed a Petition (Paper 1, “Pet.”) requesting a review under the transitional program for covered business method patents of claims 1–8 and 18–53 of U.S. Patent No. 6,321,201 B1 (Ex. 1001, “the ’201 Patent”). Protegrity Corporation (“Patent Owner”) filed a Preliminary Response (Paper 8, “Prelim. Resp.”). Pursuant to 35 U.S.C. § 324, we instituted this trial on the following grounds:

| Ground | Prior Art | Challenged Claims |
|---|---|---|
| § 101 | n/a | 1–8 and 18–53 |
| § 103 | Hoffman[1] and IBM D2[2] | 1, 2, 8, 19–26, 29, 31–34, 37–44, 47, and 40–52 |
| § 103 | Hoffman, IBM D2, and Du[3] | 35 and 53 |

Paper 14 (“Dec.”).

[1] Lance J. Hoffman, The Formulary Model for Flexible Privacy and Access Controls, AFIPS Fall Joint Computer Conference Proceedings (1971) (Ex. 1010).
[2] Public use of the IBM DB2 database management system, various documents (Exs. 1015, 1017–1023).
[3] U.S. Patent No. 5,412,806 issued May 2, 1995 (Ex. 1012).

Subsequently, Patent Owner filed a Patent Owner’s Response. Paper 22 (“Resp.”). Petitioner filed a Reply to Patent Owner’s Response. Paper 24 (“Reply”). Additionally, Patent Owner also filed a Motion for Observation Regarding Cross Examination of Petitioner’s declarant Dr. Michael Shamos (Paper 25, “Mot. Observation”), to which Petitioner filed a Response. Paper 33. Petitioner filed a Motion to Exclude Evidence (Paper 28, “Motion. to Exclude”), Patent Owner filed an Opposition to Petitioner’s Motion to Exclude Evidence (Paper 32), and Petitioner filed a Reply thereto. Paper 35.

An oral hearing was held on November 13, 2015. A transcript of the hearing is included in the record. Paper 36 (“Tr.”).

We have jurisdiction under 35 U.S.C. § 6(c). This Final Written Decision is issued pursuant to 35 U.S.C. § 328(a) and 37 C.F.R. § 42.73.

B. Related Matters

Petitioner identifies Protegrity Corp. v. Informatica Corp., No. 3:14-cv-02588 (N.D. Cal. June 6, 2014) as a related district court proceeding. Pet. 76. Patent Owner identifies numerous other related district court matters that would be affected by a decision in this proceeding. See Paper 4, 3–5.

The ’201 Patent is also the subject of previously pending proceedings CBM2015-00002 and CBM2015-00021, and pending proceeding CBM2015-00030. The ’201 Patent was also the subject of Reexamination No. 90/011,364, with some originally issued claims confirmed and cancelled, one claim amended, and several claims added.

U.S. Patent No. 8,402,281 B2 is a continuation of the ’201 Patent (Ex. 1002, “the ’281 Patent”). The ’281 Patent is the subject of previously pending proceedings CBM2014-00182, CBM2015-00006, and CBM2015-00010. The ’281 Patent was also the subject of terminated proceedings CBM2014-00024 and CBM2014-00121, where those proceedings terminated due to settlement between the parties.

C. The ’201 Patent

The ’201 Patent, titled “Data Security System for a Database having Multiple Encryption Levels Applicable on a Data Element Value Level,” issued on November 20, 2001, based on Application No. 09/027,585, filed on February 23, 1998.
The ’201 Patent claims priority as a continuation application to PCT/SE97/01089, filed on June 18, 1997.

The ’201 Patent is concerned with protecting data against unauthorized access. Ex. 1001, 2:21–34. The ’201 Patent states that “in other fields, such as industry, banking, insurance, etc[.], improved protection is desired against unauthorized access to the tools, databases, applications[,] etc.[,] that are used for administration and storing of sensitive information.” Id. at 1:27–39. Figure 4 is reproduced below.

[Figure 4 depicts the ’201 Patent’s system]

The system shown in Figure 4 includes an operative database (O-DB) and another database, IAM-DB. O-DB database contains data element values DV that are to be protected. Id. at 5:53–58. IAM-DB database contains a data protection catalogue (DPC), which stores protection attributes (e.g., P1*) for data element types (e.g., DT1) that are associated with data element values DV. Id. at 9:29–51. The protection attributes state rules for processing the corresponding data element values DV. Id. at 3:46–51. For example, a protection attribute indicates the degree to which data element value DV is encrypted (id. at 7:57–63) or indicates that only accepted, or certified, programs are allowed to process data element value DV (id. at 9:20–28). See id. at 4:45–65.

When a user initiates an attempt to process a certain data element value DV, a compelling calling is created to data protection catalogue DPC to obtain the protection attributes associated with the data element type for data element value DV. Id. at 2:54–61. The processing of data element value DV is then controlled in conformity with the protection attributes. Id. at 2:64–67, 3:55–65. Thus, the individual data element or data element type becomes the controlling unit for determining the level of protection. Id. at 4:33–38.
Claims 1 and 8 of the ’201 Patent are illustrative of the claims at issue, with all other challenged claims being dependent on one of those claims, and read as follows:

1. A method for processing of data that is to be protected, comprising:

storing the data as encrypted data element values (DV) in records (P) in a first database (O-DB), the first database (O-DB) having a table structure with rows and columns, each row representing a record (P) and each combination of a row and a column representing a data element value (DV), in the first database (O-DB) each data element value (DV) is linked to a corresponding data element type (DT);

storing in a second database (IAM-DB) a data element protection catalogue (DPC), which contains each individual data element type (DT) and one or more protection attributes stating processing rules for data element values (DV), which in the first database (O-DB) are linked to the individual data element type (DT);

for each user-initiated measure aiming at processing of a given data element value (DV) in the first database (O-DB), initially producing a calling to the data element protection catalogue for collecting the protection attribute/attributes associated with the corresponding data element type, and

controlling the user’s processing of the given data element value in conformity with the collected protection attribute/attributes.

8. An apparatus for processing data that is to be protected, comprising:

a first database (O-DB) for storing said data as encrypted data element values (DV) in records (P), said first database (O-DB) having a table structure with rows and columns, each row representing a record (P) and each combination of a row and a column representing a data element value (DV), in said first database (O-DB) each data element value (DV) is linked to a corresponding data element type (DT);

a second database (IAM-DB) for storing a data element protection catalogue (DPC), which contains each individual data element type (DT) and one or more protection attributes stating processing rules for data element values (DV), which in the first database (O-DB) are linked to the individual data element type (DT);

said apparatus being adapted, in each user-initiated measure aiming at processing a given data element value (DV) in the first database (O-DB), to initially produce a calling to the data element protection catalogue for collecting the protection attribute/attributes associated with the corresponding data element types, and

said apparatus being adapted to control the user's processing of the given data element value in conformity with the collected protection attribute/attributes.

II. ANALYSIS

A. Claim Construction

The Board interprets claims of unexpired patents using the broadest reasonable construction in light of the specification of the patent in which they appear. 37 C.F.R. § 42.300(b); In re Cuozzo Speed Techs., LLC, 793 F.3d 1268, 1278–79 (Fed. Cir. 2015), cert. granted sub nom. Cuozzo Speed Techs., LLC v. Lee, 136 S. Ct. 890 (mem.) (2016). Under the broadest reasonable construction standard, claim terms are given their ordinary and customary meaning, as would be understood by one of ordinary skill in the art in the context of the entire disclosure. In re Translogic Tech., Inc., 504 F.3d 1249, 1257 (Fed. Cir. 2007).
Any special definition for a claim term must be set forth with reasonable clarity, deliberateness, and precision. In re Paulsen, 30 F.3d 1475, 1480 (Fed. Cir. 1994).

In our Institution Decision, we construed three terms specifically: “processing rules,” “data element type,” and “database.” Dec. 14–18. Although apparently not taking issue with our construction of “processing rules,” Patent Owner argues that our constructions for “data element type” and “database” should be modified, arguing that we applied “an unreasonably broad definition to the term ‘database.’” Resp. 15–22. Patent Owner also argues that specific constructions of claim terms “given data element value in the first database” and “initially producing a calling,” are necessary to understand the context of the instant claims. We address these contentions below.

i. Database

Petitioner proposed that the broadest reasonable construction of “database” is “any organization of structured data.” Pet. 14. According to Petitioner, its proposed construction is the same construction taken by Patent Owner in a district court proceeding concerning the ’201 Patent. Id.

Patent Owner argues that Petitioner’s proposal is unreasonably broad and proposes that the broadest reasonable construction of “database” is “a data processing system for managing an organized collection of structured data.” Resp. 16–20. Patent Owner argues that Petitioner’s proposed construction is unreasonably broad in the context of the ’201 Patent because the database must be construed to allow for the database to make automatic and compelling callings to the data element protection catalogue. Id. at 17–18. Patent Owner argues that its construction is consistent with the ’201 Patent and is supported by the testimony of its declarants Mr. Mattsson and Dr. Direen, Petitioner’s declarant Mr. Schneier, and Dr. Shamos and supported by certain database manuals and technical definitions of the era. Id. at 17–19.

a. Claim Language

“Claim construction begins, as it must, with the words of the claims.” Vehicular Techs. Corp. v. Titan Wheel Int'l, 141 F.3d 1084, 1088 (Fed. Cir. 1998) (citing Bell Commc’ns Research, Inc. v. Vitalink Commc’ns Corp., 55 F.3d 615, 619–20 (Fed. Cir. 1995)). Independent claim 1 recites “[a] method for processing of data that is to be protected” that includes, among other steps, “storing the data as encrypted data element values (DV) in records (P) in a first database (O-DB)” and “storing in a second database (IAM-DB) a data element protection catalogue (DPC).” Ex. 1001, 11:12–24. Independent claim 1 also recites that the first database has a table structure with rows and columns. As such, claim 1, and the other challenged claims that depend therefrom, recites that the database comprises or stores different types of data. Both first and second databases are also recited in independent claim 8, having the same attributes.

Claims 1 and 8, and the claims dependent on those independent claims, do not recite that the database performs any other function, other than the storage of data. Although claim 1 recites that for each user-initiated measure aiming at processing of a given data element, a calling to the data element protection catalogue is initially produced, the claim does not specify what element produces the calling. See id. at 11:29–32. Additionally, independent claim 8 recites an apparatus having a database that stores data to be protected. This latter claim was amended during reexamination to recite that the apparatus, not the database, controls the user’s processing of the data according to the data processing rules, and the apparatus, not the database, also produces the compelling calling to the data element protection catalogue. Ex. 1001, Ex Parte Reexamination Certificate 1:41–51.
The words of the claims of the ’201 Patent, thus, are consistent with Petitioner’s proposed construction as being the broadest reasonable construction.

b. Written Description

The written description is “always highly relevant” in construing a claim, and “it is the single best guide to the meaning of a disputed term.” Vitronics Corp. v. Conceptronic, Inc., 90 F.3d 1576, 1582 (Fed. Cir. 1996). The written description of the ’201 Patent provides specific definitions of many terms (Ex. 1001, 2:64–3:43) but does not contain a definition of “database.”

The claimed database for storing a plurality of data element values corresponds to the O-DB database disclosed in the ’201 Patent. The O-DB database is part of a larger “database management system” that includes multiple databases. Id. at 5:49–6:12, Fig. 3. Similar to the other databases, the O-DB database is described as containing data and, in particular, data to be protected. Id. at 5:53–58. Contrary to Patent Owner’s argument (Resp. 20), the ’201 Patent does not describe the O-DB database, or any other database, as performing any other data processing or managing functions. In particular, the ’201 Patent does not describe that the O-DB database produces the compelling calling to the data protection catalogue. See Ex. 1001, 10:44–58 (“is first collected by the system”); see id. at Abstract, 2:54–61, 3:51–65, 4:16–22, 7:57–61 (describing a compelling calling to a data protection catalogue, but failing to describe the compelling calling being produced by the O-DB database).

The database managing system includes not only a number of databases, but also, a number of modules. Id. at 6:13–45 (“The data system in FIG. 3 further comprises a hardware component 10, a control module 20 (IAM-API), and a program module 30 (PTY-API).”), Fig. 3.
The modules include control module 20, also labeled as an Information Assets Manager Application Program Interface (“IAM-API”), which “controls the handling of the types of data protection that the system can supply” and “carries out the processing requested via API . . . programming interface.” Id. at 6:34–39, Fig. 3.

Petitioner’s proposed construction is the broadest reasonable construction consistent with the written description of the ’201 Patent.

c. Declarant Testimony

Patent Owner proffers the testimony of declarants Mr. Mattsson and Dr. Direen in support of its proposed construction. Resp. 18–20 (citing Ex. 2063 ¶¶ 31–33, 44–51; Ex. 2064 ¶¶ 52–58). Mr. Mattsson testifies that “[d]efinitions vary among practitioners but, generally, a database is meant to be a collection of data whereby the data is held so that it can be retrieved, manipulated, reported on, managed, queried, and protected” and that in the context of the ’201 Patent the database does more than store data, such as manage or process the data. Ex. 2063 ¶¶ 46–48. Specifically, Mr. Mattsson testifies that “the Specification describes how the first database must ‘automatically produce[] a system calling to the data element protection catalogue’” and that Petitioner’s construction “does not provide for how system callings (or any calling or processing) could take place if database is only to mean the data that is managed by the system.” Id. ¶ 50. Dr. Direen’s testimony is substantially the same as Mr. Mattsson’s testimony. See Ex. 2064 ¶¶ 52–58.

Mr. Mattsson’s and Dr. Direen’s testimony is unpersuasive because it is inconsistent with the ’201 Patent. As discussed above, the ’201 Patent describes the O-DB as one database in a larger database management system. Ex. 1001, 5:49–6:12. The ’201 Patent describes the O-DB database as containing data and describes the modules of the larger database management system as performing data processing. Id. at 5:53–58, 6:13–45.
The ’201 Patent does not describe the O-DB database as producing the compelling calling. See Ex. 1001, 10:44–58 (“is first collected by the system”); see id. at Abstract; 2:54–61, 3:51–65; 4:16–22; 7:57–61 (disclosing a compelling calling to a data protection catalogue, but failing to describe the compelling calling being produced by the O-DB database). The assertion that the compelling calling is produced by the O-DB database is only found in Patent Owner’s arguments, Mr. Mattsson’s testimony, and Dr. Direen’s testimony, and not the ’201 Patent. See, e.g., Ex. 2063 ¶¶ 31, 32, 50–51; Ex. 2064 ¶ 57.

Extraneous features should not be read into the claim. Renishaw PLC v. Marposs Societa’ per Azioni, 158 F.3d 1243, 1249 (Fed. Cir. 1998); E.I. du Pont de Nemours & Co. v. Phillips Petroleum Co., 849 F.2d 1430, 1433 (Fed. Cir. 1988). In that regard, “extrinsic evidence may be used only to assist in the proper understanding of the disputed limitation; it may not be used to vary, contradict, expand, or limit the claim language from how it is defined, even by implication, in the specification or file history.” Bell Atl. Network Servs. v. Covad Commc’ns Grp., 262 F.3d 1258, 1269 (Fed. Cir. 2001); see Vitronics, 90 F.3d at 1584 (“[E]xpert testimony, which was inconsistent with the specification and file history, should have been accorded no weight.”).

Further, we give little weight to Mr. Mattsson’s testimony because Mr. Mattsson is not a disinterested witness. Mr. Mattsson is Patent Owner’s Chief Technology Officer (Ex. 2063 ¶ 1) and has an interest in the outcome of this proceeding.

Patent Owner also argues that the testimony of Petitioner’s declarant Dr. Shamos and the testimony of Mr. Schneier, a declarant from a related proceeding, support its proposed construction. Resp. 18–20 (citing Ex. 2062, 71:23–72:6–15, 115:2–15; Ex. 2061, 36:10–37:24, 106:25–107:3; Ex. 2067, 64:15–21, 69:9–13). Mr. Schneier’s and Dr.
Shamos’s testimony, however, does not support Patent Owner’s proposed construction, but supports Petitioner’s proposed construction as the broadest reasonable construction. Mr. Schneier agreed, when questioned by Patent Owner, that a reasonable interpretation of database is “a system that includes blobs of data in the organization and structure to make that work” (Ex. 2062, 76:2–6), but Mr. Schneier also testifies that Petitioner’s proposed construction is a reasonable definition that “coincided with what the patent seemed to say” (id. at 76:16–77:2). Likewise, Dr. Shamos testifies that “database” can have multiple definitions (Ex. 2061, 36:10–37:24), but Dr. Shamos also testifies that in the context of the ’201 Patent and under the broadest reasonable interpretation standard “database” means an “organized collection of structured data” (id. at 37:25–38:8; Ex. 1003 ¶ 57). The Board construes claims using the broadest reasonable construction in light of the specification of the patent in which they appear. 37 C.F.R. § 42.300(b).

d. Database Manual and Technical Encyclopedia

Patent Owner also proffers a database manual and a technical entry for “database management system” of a technical encyclopedia to support its construction. Resp. 19 (citing Exs. 2068, 2069). This extrinsic evidence is also unpersuasive as both the database manual and the encyclopedia entry are directed to a database management system, as opposed to simply a database.

e. Broadest Reasonable Construction of “Database”

We determine that the broadest reasonable construction of “database,” in light of the Specification of the ’201 Patent and the proffered evidence, is “an organized collection of structured data.” As discussed above, this construction is consistent with the words of the claims, the disclosure of the ’201 Patent, the testimony of Mr. Schneier and Dr.
Shamos, and the position taken by Patent Owner in the related district court proceeding. We are not persuaded by Patent Owner’s arguments, Patent Owner’s declarants’ testimony, database manual, or technical encyclopedia that this construction is unreasonably broad.

ii. Data Element Type

In our Decision to Institute, we determined that the broadest reasonable construction, in light of the Specification, of “data element type” is “identification of a specific category of data” as proposed by Petitioner and disclosed in the Specification. Dec. 17–18 (citing Pet. 15; Ex. 1001 3:1–6). Patent Owner contends that a portion of the construction, “identification of,” is not supported and is not accurate, and should be omitted from the construction. Resp. 20. As we are not persuaded that there is any appreciable difference in scope, with or without the addition of “identification of,” we adopt Patent Owner’s construction, such that the broadest reasonable construction, in light of the Specification of the ’201 Patent, and the proffered evidence, of “data element type” is “a specific category of data.”

Patent Owner also raises the issue that we described claim 1 as not requiring data element types in related decisions, that this was contrary to the Specification and the claims, and that our construction of “data element type” should take that into consideration. Resp. 20–22. We acknowledged the misstatement in response to Patent Owner’s Request for Rehearing in the related decisions, acknowledging the error and determining it to be de minimis with respect to our claim construction and initial determinations. See CBM2015-00014, Paper 40, 9–11.

iii. Processing Rule

In our Decision to Institute, we determined that the broadest reasonable construction, in light of the Specification, of “data processing rule” is “rules for processing data,” as proposed by Petitioner. Dec. 15–17 (citing Pet. 14).
Patent Owner does not dispute this construction in its Patent Owner’s Response. For the reasons proffered by Petitioner (Pet. 14), the broadest reasonable construction, in light of the Specification of the ’201 Patent, of “data processing rules” is “rules for processing data.” See Dec. 15–17.

iv. Given Data Element Value in the First Database

Patent Owner argues that the claim term in claims 1 and 8, “given data element value (DV) in the first database,” must be read as “the unencrypted data element value,” and the processing request must be “aimed at the unencrypted (given) data element value.” Resp. 22 (citing Ex. 2063 ¶ 33; Ex. 2064 ¶ 48). We do not agree.

Claims 1 and 8 do not recite unencrypted data element values, and only recite “encrypted data element values.” Those claims do not specify that the “given data element value” should be encrypted or unencrypted. We are not persuaded by Patent Owner’s declarants (Ex. 2063 ¶ 33; Ex. 2064 ¶ 48) as their testimonies are conclusory and are unsupported by the Specification or claims of the ’201 Patent. Although the “given data element value” could be the unencrypted data element value, it need not be in the context of claim 1.

v. Initially Producing a Calling

Patent Owner argues that the claim term in claims 1 and 8, “initially producing a calling,” should be read as “the database itself that produces the calling to the data element protection catalogue,” as compared to the operating system or the individual field producing the calling. Resp. 22–23 (citing Ex. 1001, 3:53–61; Ex. 2067 ¶ 22; Ex. 2066 ¶¶ 19, 41). We do not agree. As discussed above, we are persuaded that the application 40, control module 20, and program module 30 handle system calls in the ’201 Patent, and the calling need not be produced by the first database itself.

vi. Other Proposed Constructions

Both Petitioner and Patent Owner propose constructions for various other claim terms. See Pet. 13–16; Prelim. Resp.
46–49. For the purposes of our review of the claims of the ’201 Patent, however, no explicit construction of any other claim term is needed.

B. Standing to Seek Covered Business Method Patent Review

Section 18 of the AIA[4] provides for the creation of a transitional program for reviewing covered business method patents. Section 18 limits review to persons or their privies that have been sued or charged with infringement of a “covered business method patent,” which does not include patents for “technological inventions.” AIA §§ 18(a)(1)(B), 18(d)(1). 37 C.F.R. § 42.302 states “[c]harged with infringement means a real and substantial controversy regarding infringement of a covered business method patent exists such that the petitioner would have standing to bring a declaratory judgment action in Federal court.”

[4] Leahy-Smith America Invents Act, Pub. L. No. 112-29, 125 Stat. 284, 329 (Sept. 16, 2011) (“AIA”).

Petitioner states that it was sued for infringement of the ’201 Patent in Protegrity Corp. v. Informatica Corp., No. 3:13-cv-01410 (D. Conn. Sept. 25, 2013), and is not estopped from challenging the ’201 Patent in the instant proceeding. Pet. 8–9. Patent Owner does not dispute this statement.

i. Financial Product or Service

A covered business method patent “claims a method or corresponding apparatus for performing data processing or other operations used in the practice, administration, or management of a financial product or service, except that the term does not include patents for technological inventions.” AIA § 18(d)(1). The “legislative history explains that the definition of covered business method patent was drafted to encompass patents ‘claiming activities that are financial in nature, incidental to a financial activity or complementary to a financial activity.’” Transitional Program for Covered Business Method Patents—Definitions of Covered Business Method Patent and Technological Invention, 77 Fed. Reg.
48,734, 48,735 (Aug. 14, 2012) (Final Rule) (quoting 157 Cong. Rec. S5432 (daily ed. Sept. 8, 2011) (statement of Sen. Schumer)). The legislative history indicates that “financial product or service” should be interpreted broadly. Id.; see Versata Dev. Grp., Inc. v. SAP America, Inc., 793 F.3d 1306, 1323–26 (Fed. Cir. 2015). A patent need have only one claim directed to a covered business method to be eligible for review. 77 Fed. Reg. at 48,736 (Response to Comment 8).

Petitioner contends that the ’201 Patent “claims a method for performing data processing or other operations that are at least incidental to the practice, administration, or management of a financial product or service” and, thus, is a covered business method patent. See Pet. 5–8.

Patent Owner contends that the ’201 Patent does not claim a financial service or product. Resp. 48–52. Patent Owner argues that “not a single word in any single claim of the ’201 Patent that is purportedly directed to a financial product or service.” Resp. 52.

We do not interpret the statute as requiring the literal recitation of terms of data processing of financial products or services. As recognized in the legislative history: “[t]o meet this [eligibility] requirement the patent need not recite a specific financial product or service. Rather, the patent claims must only be broad enough to cover a financial product or service.” 157 Cong. Rec. S1365 (daily ed. Mar. 8, 2011) (statement of Sen. Schumer).

In this regard, claim 1 recites “controlling the user’s processing of the given data element value in conformity with the collected protection attribute/attributes.” The Specification discloses that protection attributes are used to protect against unauthorized access of a data portion in a database (see Ex. 1001, 4:26–32) and that banking is a field where protection against unauthorized access to databases that are used for administering and storing sensitive information is desired. Id.
at 1:27–31; see also id. at Fig. 5, 11:1–10 (describing an example where “Social Allowance” and “Housing Allowance” are the protected data and “Financial manager” is an authorized user). Banking is a financial activity.

Likewise, Patent Owner’s declarant Dr. Direen testifies that “[t]he standard examples, which are examples of market concern, are protecting data items such as credit card numbers and social security numbers[s].” Ex. 2064 ¶ 27 (emphasis added). Dr. Direen’s testimony discusses such an example. Id. ¶¶ 11, 14, 27–49, Figs. 1–15. In Dr. Direen’s example, the data include credit card numbers, credit card PIN numbers, and salary information; the data categories include credit card number and salary; and the data processing rules include credit card protection attributes and salary protection attributes. See, e.g., id. ¶¶ 31, 34, 44, Figs. 1, 10. Credit card numbers, credit card PIN numbers, and salary are all data which are financial in nature.

Although not sufficient on its own, the ’201 Patent is classified in 705/51 of the Office’s patent classification system. See 77 Fed. Reg. at 48,739; see Versata, 793 F.3d at 1324, n.14 (noting that while Class 705 “apparently served as the original template for the definition of a ‘covered business method,’ . . . [it] was thought to be too narrow”) (citation omitted); Pet. 6. Class 51—“Usage protection of distributed data files” is a subclass indented under subclass 705/50—“Subject matter including cryptographic apparatus or methods uniquely designed for or utilized in . . . the processing of financial data.” Classification Definitions (Jan. 2012), http://www.uspto.gov/web/patents/classification/uspc705/defs705.htm.

We are persuaded by Petitioner that at least claim 1 encompasses activities that are financial in nature, incidental to a financial activity, or complementary to a financial activity. See 77 Fed. Reg. at 48,735.
We are not persuaded by Patent Owner’s argument that previous Board decisions demonstrate that the ’201 Patent is not a covered business method patent. Resp. 49–52 (citing PNC Fin. Servs Grp., Inc. v. Intellectual Ventures I, LLC, Case CBM2014-00032, slip op. at 10 (PTAB May 22, 2014) (Paper 13); J.P. Morgan Chase & Co. v. Intellectual Ventures II LLC, Case CBM2014-00160, slip op. at 11 (PTAB Jan. 29, 2015) (Paper 11); Salesforce.com Inc. v. Applications in Internet Time, LLC, Case CBM2014-00162, (PTAB Feb. 2, 2015) (Paper 11)). The cited previous Board decisions are not precedential and are not binding on this panel.

Nonetheless, we have reviewed the allegedly conflicting decisions. Our review of these decisions, however, reveals that the determination of whether the patent is a covered business method patent rests upon the specific facts of those proceedings. For example, in PNC Financial Services, the Board determined that a showing that the patent was asserted against a financial service in an infringement proceeding was not enough to establish that the patent was a covered business method patent. See PNC Fin. Servs, CBM2014-00032, Paper 13 at 14. The Board stated that whether an allegedly infringing product was a financial service was just one factor and that the petitioners had not shown how “the ’298 patent, either through its claims, Specification, or prosecution history, encompasses ‘activities that are financial in nature, incidental to a financial activity or complementary to a financial activity.’” Id. at 13–14. Similarly, in J.P. Morgan and Salesforce, the Board determined whether the patent was a covered business method patent based upon the particular facts of those proceedings. Patent Owner does not establish that the facts in those proceedings are sufficiently similar to the facts in this proceeding.
As discussed above, we determined, based upon the facts in this proceeding, that the ’201 Patent is a covered business method patent. We are also not persuaded by Patent Owner that the ’201 Patent is not a covered business method patent, because “the entire reason behind the invention contradicts any such allegation” that the invention of the ’201 Patent is incidental to a financial service or product. Resp. 52. According to Patent Owner, the Swedish Data Inspection, AB, mandated protection legislation for personally-identifiable information to protect students and they “did not, however, mandate data protection solely for financial institutions.” Id. (citing Ex. 2022 ¶¶ 14–16 (testimony of Mr. Mattsson); Ex. 2081 (U.S. Patent No. 5,606,610, which allegedly discloses Patent Owner’s first attempt to comply with the Swedish legislation)). The ’201 Patent makes no mention of the Swedish legislation or that the legislation was for the protection of students. The ’201 Patent makes no mention of students at all. Notably, U.S. Patent No. 5,606,610, which Patent Owner argues was also the result of the Swedish legislation, likewise fails to mention the Swedish legislation or the need to protect student data, but does disclose that banking is a sector where it is essential that stored data be protected against unauthorized access. See Ex. 2081, 1:13–16.
We are persuaded by Petitioner that a preponderance of the evidence shows that at least claim 1 of the ’201 Patent encompasses a method or corresponding apparatus for performing data processing or other operations used in the practice, administration, or management of a financial product or service.
ii. Technological Invention
The definition of “covered business method patent” in Section 18(d)(1) of the AIA does not include patents for “technological inventions.” To determine whether a patent is for a technological invention, we consider “whether the claimed subject matter as a whole recites a technological feature that is novel and unobvious over the prior art; and solves a technical problem using a technical solution.” 37 C.F.R. § 42.301(b). Both prongs must be satisfied in order for the patent to be excluded as a technological invention. The following claim drafting techniques, for example, typically do not render a patent a “technological invention”:
(a) Mere recitation of known technologies, such as computer hardware, communication or computer networks, software, memory, computer-readable storage medium, scanners, display devices or databases, or specialized machines, such as an ATM or point of sale device.
(b) Reciting the use of known prior art technology to accomplish a process or method, even if that process or method is novel and non-obvious.
(c) Combining prior art structures to achieve the normal, expected, or predictable result of that combination.
Office Patent Trial Practice Guide, 77 Fed. Reg. 48,756, 48,763–64 (Aug. 14, 2012).
a. A Technological Feature that Is Novel and Unobvious over the Prior Art
Petitioner argues that the ’201 Patent is not for a technological invention because none of the claims recite a technological feature that is novel and nonobvious over the prior art. Pet. 5–7. Petitioner, further, argues that the ’201 Patent is not for a technological invention because none of the claims solve a technical problem using a technical solution. Id. at 6–7.
According to Petitioner, “[t]he [’]201 Patent describes no new technology for protecting data against unauthorized access” and that “[m]aking use of known technology in the manner, as provided by the [’]201 Patent claims, does not solve a technical solution to a technical problem.” Id. Patent Owner argues that “the evidence demonstrates that the ’201 Patent’s claims recite technological features that were novel and nonobvious over the prior art at the time of the invention.” Resp. 53.
We are persuaded by Petitioner that the ’201 Patent is not for a technological invention because at least claim 1 does not satisfy the first prong of the test. Claim 1 does not recite a technological feature that is novel or unobvious over the prior art. Claim 1 recites a method that is “storing” data in multiple “databases,” and controlling a user’s processing “in conformity with the collected protection attribute/attributes.” Data processing computers having databases, which store the data, and controlling access thereto, were known at the time of filing the ’201 Patent. See Ex. 1001, 1:20–31; Pet. 5–7. We are persuaded by Petitioner that a preponderance of the evidence shows that at least claim 1 does not recite a technological feature that is novel or unobvious over the prior art and does not satisfy the first prong of the test.
b. Solves a Technical Problem with a Technical Solution
Petitioner argues that the ’201 Patent is not for a technological invention because none of the claims solve a technical problem using a technical solution. Pet. 6–7. According to Petitioner, the ’201 Patent is directed to the problem of granting access to data only if associated rules are satisfied, which is solved by maintaining a database of data and a separate data protection table that has rules. Id. at 6. Petitioner argues that such a use of a data processing computer with databases is known technology. Id. at 6–7.
Patent Owner argues that the ’201 Patent is for a technological invention, because it solves a technical problem with a technical solution. Resp. 29–34, 53–54. According to Patent Owner, the ’201 Patent solves three problems: 1) “separation of duties,” thereby “prevent[ing] the [database administrator] from accessing sensitive data” (id. at 33); 2) “the ability to implement data protection at the data element level [in the database] without requiring application-level changes to the various computer programs and applications that were seeking to retrieve protected data” from the database (id. at 34); and 3) providing “data element level protection across many brands of databases (e.g., Oracle, IBM DB2, Informix, and Microsoft) that a company might be using in-house” (id. at 34). The alleged solution is “data to be protected in a first database, while the rules for protection were stored outside that database and thus outside the purview of the [database administrator].” Id. at 34.
We are persuaded by Petitioner that the ’201 Patent does not solve a technical problem with a technical solution. See Pet. 6–7. The ’201 Patent discloses that its objective is “to increase the protection against unauthorized access to sensitive information.” Ex. 1001, 2:21–24; see also id. at 2:3–18, 1:15–17 (describing that the ’201 Patent “concerns . . . a method and an apparatus for data processing . . . for accomplishing increased protection against unauthorized processing of data”). None of the three technical problems identified by Patent Owner are described in the ’201 Patent. See Resp. 29–34. The ’201 Patent makes no mention of a need to protect data from a database administrator, to eliminate application-level changes to the various computer programs and applications that were seeking to retrieve protected data from the database, or to provide protection across many brands of databases. Id.
Likewise, the ’201 Patent does not describe the technical solution, alleged by Patent Owner, because the ’201 Patent does not describe a first database that calls out to the second database, as discussed above in section II(A)(ii). The claims of the ’201 Patent also do not require the alleged technical solution. Neither claim 1 nor any other claim requires specifically that a first database calls out to a second database.
We are persuaded by Petitioner that a preponderance of the evidence shows that at least claim 1 does not solve a technical problem using a technical solution, and, thus, at least claim 1 also does not satisfy the second prong. Thus, the ’201 Patent is a covered business method patent that is not a technological invention. For the reasons discussed above, we are persuaded by Petitioner that the ’201 Patent is eligible for covered business method patent review.
C. 35 U.S.C. § 101
i. Section 101 Subject Matter Eligibility
For claimed subject matter to be patent-eligible, it must fall into one of four statutory classes set forth in 35 U.S.C. § 101: a process, a machine, a manufacture, or a composition of matter. The Supreme Court recognizes three categories of subject matter that are ineligible for patent protection: “laws of nature, physical phenomena, and abstract ideas.” Bilski v. Kappos, 561 U.S. 593, 601 (2010) (internal quotations and citation omitted). A law of nature or an abstract idea by itself is not patentable; however, a practical application of the law of nature or abstract idea may be deserving of patent protection. Mayo Collaborative Servs. v. Prometheus Labs., Inc., 132 S. Ct. 1289, 1293–94 (2012). To be patentable, however, a claim must do more than simply state the law of nature or abstract idea and add the words “apply it.” Id.
In Alice Corp. Pty, Ltd. v. CLS Bank International, 134 S. Ct.
2347 (2014), the Supreme Court recently clarified the process for analyzing claims to determine whether claims are directed to patent-ineligible subject matter. In Alice, the Supreme Court applied the framework set forth previously in Mayo, “for distinguishing patents that claim laws of nature, natural phenomena, and abstract ideas from those that claim patent-eligible applications of those concepts.” Alice, 134 S. Ct. at 2355. The first step in the analysis is to “determine whether the claims at issue are directed to one of those patent-ineligible concepts.” Id. If they are directed to a patent-ineligible concept, the second step in the analysis is to consider the elements of the claims “individually and ‘as an ordered combination’” to determine whether the additional elements ‘transform the nature of the claim’ into a patent-eligible application.” Id. (quoting Mayo, 132 S. Ct. at 1298, 1297). In other words, the second step is to “search for an ‘inventive concept’ — i.e., an element or combination of elements that is ‘sufficient to ensure that the patent in practice amounts to significantly more than a patent upon the [ineligible concept] itself.’” Id. (alteration in original) (quoting Mayo, 132 S. Ct. at 1294). Further, the “prohibition against patenting abstract ideas ‘cannot be circumvented by attempting to limit the use of the formula to a particular technological environment’ or adding ‘insignificant postsolution activity.’” Bilski, 561 U.S. at 610–11 (quoting Diamond v. Diehr, 450 U.S. 175, 191–92 (1981)).
Accordingly, utilizing this framework, we review Petitioner’s contention that claims 1–8 and 18–53 of the ’201 Patent are directed to ineligible subject matter.
ii. Availability of § 101
Patent Owner argues that § 101 is not available to challenge patentability in a covered business method patent review, because it is not included in 35 U.S.C. § 282(b)(2) or (3). Resp. 23–25. We disagree.
Under the AIA, any ground that could be raised under §§ 282(b)(2) or (3) can be raised in a post-grant review or (with exceptions not relevant here) in a covered business method patent review. The final rules implementing post-grant review and covered business method patent review in the Federal Register state that the “grounds available for post-grant review include 35 U.S.C. [§§] 101 and 112, with the exception of compliance with the best mode requirement.” 77 Fed. Reg. 48,680, 48,682 (Aug. 14, 2012). This interpretation is consistent with both the relevant case law and the legislative history. See, e.g., Mayo, 132 S. Ct. at 1305 (addressing invalidity under § 101 when it was raised as a defense to an infringement claim); Graham v. John Deere Co., 383 U.S. 1, 12 (1966) (stating that the 1952 Patent Act “sets out the conditions of patentability in three sections,” citing 35 U.S.C. §§ 101, 102, and 103); Dealertrack, Inc. v. Huber, 674 F.3d 1315, 1330 n.3 (Fed. Cir. 2012); H.R. Rep. No. 112-98, at 47 (2011); 157 Cong. Rec. S1375 (daily ed. Mar. 8, 2011). Additionally, the Federal Circuit decided that covered business method patent reviews may include challenges under § 101. See Versata Dev. Grp., Inc. v. SAP America, Inc., 793 F.3d 1306, 1329–30 (Fed. Cir. 2015). Thus, § 101 is a proper ground for a review under the transitional program for covered business method patents.
iii. Ineligible Concept
Petitioner contends that the claims of the ’201 Patent are merely directed to an abstract idea of “rule based data access.” Pet. 17. Patent Owner disputes that the challenged claims of the ’201 Patent are directed to an abstract idea. See Resp. 25–40. According to Patent Owner, “protection of data in a first database through rules stored in a second database” provides a solution to a problem “necessarily rooted in computer technology.” Id. at 25–26; see id. at 25–47 (citing DDR Holdings, LLC v.
Hotels.com, L.P., 773 F.3d 1245 (Fed. Cir. 2014)).
Of the challenged claims, only claims 1 and 8 are independent claims, and all of the other challenged claims depend directly or indirectly on those claims. Claim 1 is directed to a method of processing data that is to be protected and is nominally within the process category of statutory subject matter. Claim 8 is directed to an “apparatus for processing data that is to be protected,” and is nominally within the machine category of statutory subject matter. Statutory class, however, is not by itself determinative of whether a claim is directed to patent-eligible subject matter. “Regardless of what statutory category (‘process, machine, manufacture, or composition of matter,’ 35 U.S.C. § 101) a claim’s language is crafted to literally invoke, we look to the underlying invention for patent-eligibility purposes.” CyberSource Corp. v. Retail Decisions, Inc., 654 F.3d 1366, 1374 (Fed. Cir. 2011). See Alice, 134 S. Ct. 2358–59; Bancorp Servs. v. Sun Life Assurance Co., 687 F.3d 1266, 1275 (Fed. Cir. 2012).
Independent claim 1 recites a data processing method that grants access to a data element value if the rules associated with a data element type that is associated with the requested data element value are satisfied. Ex. 1001, 11:12–37. Claim 1 also requires a database that comprises the data element values, where the database has a table structure with each combination of a row and a column representing a data element value. Id. A data element protection catalogue is in a second database and comprises data processing rules that must be satisfied before the data element value can be accessed. Id. The data processing rules are linked with the data element type. Id. Thus, independent claim 1 recites a method that grants access to a requested data element value if the rules associated with a data element type that is associated with the requested data element value are satisfied. Id.
Independent claim 8 recites similar elements to those recited in claim 1, including first and second databases with similar attributes, and also recites that the apparatus is “adapted to control the user’s processing of the given data element value in conformity with the collected protection attribute/attributes.”
Given the above, we are persuaded by Petitioner that the claims are directed to the abstract idea of determining whether access to data should be granted based on whether one or more rules are satisfied. Patent Owner raises several counter arguments that we address below.
Patent Owner argues that the solution provided by the ’201 Patent is necessarily rooted in computer technology because it addresses the protection of data in a first database through rules stored in a second database. Resp. 25–26 (citing DDR Holdings, 773 F.3d 1245). Patent Owner alleges additionally that the claims of the ’201 Patent are directed to a specific solution for protecting data at the data element level in a database through use of rules stored in a separate database. Id. at 26. We do not agree.
The claims in DDR Holdings are described as providing a result that “overrides the routine and conventional sequence of events.” DDR Holdings, 773 F.3d at 1258. The databases and access rules recited in claims 1 and 8 perform their normal functions and achieve expected results. The protection of data in a database at the data element level still comports with the abstract idea of determining whether access to data should be granted based on whether one or more rules are satisfied. Similarly, storing the rules in a separate database does not change the expected operation of the rules or the database, merely the location of those rules.
Patent Owner also argues that the claims of the ’201 Patent cannot preempt the use of the abstract idea in all fields, because the Petition and supporting declaration show that there are other ways of implementing “rule-based data access control,” none of which do so at the data element level based on rules stored in an external database. Resp. 28–29 (citing Pet. 73–74; Bilski v. Kappos, 561 U.S. at 611–12). This is not persuasive, however, because the elements that Patent Owner determines to be outside the abstract idea, i.e., access control at the data element level based on rules stored in an external database, may simply be a particular technological environment, as discussed in the next section.
We are also mindful of recent admonishments by the Federal Circuit that the first step of our analysis should not be pro forma when the claims are directed to improvements in software. See Enfish, LLC v. Microsoft Corp., No. 2015-1244, 2016 WL 2756255, at *4 (Fed. Cir. May 12, 2016) (“We thus see no reason to conclude that all claims directed to improvements in computer-related technology, including those directed to software, are abstract and necessarily analyzed at the second step of Alice, nor do we believe that Alice so directs”). We are not persuaded, however, that the instant claims are directed to a specific improvement to the way computers operate. As discussed above, the abstract idea of the instant claims is directed to determining whether access to data should be granted based on whether one or more rules are satisfied. The databases and access rules recited in claims 1 and 8 perform their normal functions and achieve expected results. Additionally, storing the rules in a separate database does not change the expected operation of the rules or the database, merely the location of those rules.
As such, we remain persuaded that the invention of claims 1 and 8 are directed to an abstract idea and thus embrace an ineligible concept.
iv. Inventive Concept
Next, we look for additional elements that can “transform the nature of the claim” into a patent-eligible application of an abstract idea. That is, we determine whether the claims include an “inventive concept,” i.e., an element or combination of elements sufficient to ensure that the patent in practice amounts to significantly more than a patent on the abstract idea itself. Alice, 134 S. Ct. at 2357. The Supreme Court in Alice cautioned that merely limiting the use of an abstract idea “to a particular technological environment” or implementing the abstract idea on a “wholly generic computer” is not sufficient as an additional feature to provide “practical assurance that the process is more than a drafting effort designed to monopolize the [abstract idea] itself.” Alice, 134 S. Ct. at 2358.
a. Independent Claims 1 and 8
Petitioner argues that the claims “fail to add sufficiently meaningful limitations that restrict the claimed subject matter beyond an abstract idea.” Pet. 19. In this regard, Petitioner argues that the claims recite only generic computer elements and functions that were well-known and conventional. Id.; see id. at 20–22. Petitioner also argues that the steps of storing data and a catalogue of attributes, as well as calling up the attributes and controlling a user’s processing (e.g., granting access), are merely pre- or post-processing steps that do not add something meaningful to the abstract idea. Id. Petitioner, further, argues that even when the claimed steps or components are considered as ordered combinations, they do nothing more than add an instruction to apply the abstract idea using a generic computer. Id. at 21–22.
Claims 1 and 8 require the storing of data in databases, where some data are stored as encrypted data element values, associated with a data element type, and a plurality of data processing rules, associated with a data element type, are stored in a separate data protection catalogue. Ex. 1001, 11:15–28, 12:3–17. Data processing computers having separate databases, which store associated data and associated attributes, were well-known and conventional at the time of filing the ’201 Patent. See Ex. 1003 ¶¶ 19–21, 24–29. Storing data and associated rules in separate databases is nothing more than routine data gathering and does not transform the abstract idea into a patent-eligible invention. See CyberSource, 654 F.3d at 1370.
Claims 1 and 8 also recite that the first database has a table structure with rows and columns, which is also conventional and was well-known. See Ex. 1003 ¶ 20. Restricting access to columns or fields of databases is well-understood and conventional activity. See Ex. 1003 ¶ 25. Well-understood, routine, conventional activity does not add significantly more to the abstract idea. Mayo, 132 S. Ct. at 1298.
Claims 1 and 8 further require that for each user-initiated measure aiming at processing of a given data element value, a calling is produced to the data element protection catalogue for the protection attributes of the data element type. Ex. 1001, 11:29–34, 12:18–23. This is well-understood, routine, conventional activity that does not add significantly more to the abstract idea. Mayo, 132 S. Ct. at 1298; see Pet. 21–22; Ex. 1003 ¶ 28.
Claims 1 and 8 finally require that user’s processing of the requested data element value occurs in conformity with the collected protection attributes. Ex. 1001, 11:35–37, 12:24–26. Such granting of access to a user is merely a conventional post-solution activity.
Conventional post-solution activity is not sufficient to transform the abstract idea into patent-eligible subject matter. See Parker v. Flook, 437 U.S. 584, 590–92 (1978).
Even when the claim elements are considered as a combination, they add nothing that is not already present when the elements are considered separately. Alice, 134 S. Ct. at 2359. Claims 1 and 8 convey nothing more meaningful than the fundamental concept of determining whether access to data should be granted based on whether one or more rules are satisfied. Upon review of Petitioner’s analysis and supporting evidence and taking into account Patent Owner’s arguments, discussed below, we are persuaded by Petitioner that independent claims 1 and 8 do not recite additional elements that transform the claim into a patent-eligible application of an abstract idea.
We are not persuaded by Patent Owner’s arguments that the claims require additional elements that transform that abstract idea into a patent eligible application (Resp. 40–47) because they are based upon an overly narrow construction of the claimed elements, as discussed in section II(A)(i) above, i.e., the ability of the first database calling out to the data protection catalogue, and based on additional elements not recited or required by the claims, as discussed in section II(B)(ii) above.
In addition, we are not persuaded by Patent Owner’s argument regarding DDR Holdings. See Resp. 25–26. Unlike the claimed combination of elements in DDR Holdings, the claims of the ’201 Patent appear to combine elements according to their known functions to achieve routine and conventional results. See DDR Holdings, 773 F.3d at 1257–58. As discussed above, we are persuaded that the databases and access rules recited in claims 1 and 8 perform their normal functions and achieve expected results.
Patent Owner proffers declarations from Mr. Bill Schmidt (Ex. 2065), Mr. Kurt Pachik (Ex. 2066), and Mr. Ulf Mattsson (Ex.
2063) to demonstrate that the ’201 Patent provides a novel and nonobvious solution to a problem deeply rooted in computer technology. Resp. 32–34. The declarations allegedly show that the invention of the ’201 Patent was used to protect the formula for Coca-Cola from unauthorized access by database administrators or system administrators. Id.
Mr. Schmidt’s, Mr. Pachik’s, and Mr. Mattsson’s declarations, however, fail to establish a relationship between the system provided to Coca-Cola and the claims of the ’201 Patent. Mr. Schmidt makes no mention of the ’201 Patent and provides no details as to the system implemented by Coca-Cola. See Ex. 2065. Mr. Pachik, a former employee of Patent Owner, testifies that he “assisted in implementing the solution provided in U.S. Patent Nos. 6,321,201 and 8,402,281 . . . for Coca-Cola” but provides no details of the system. See Ex. 2066 ¶ 5. Mr. Mattsson, Chief Technology Officer of Patent Owner, testifies generally to the technology disclosed in the ’201 Patent, but makes no mention of the system implemented by Coca-Cola. See Ex. 2063. Thus, we are not persuaded by the declarations of Mr. Schmidt, Mr. Pachik, and Mr. Mattsson that the ’201 Patent provides a novel and nonobvious solution to a problem deeply rooted in computer technology.
b. Dependent Claims 2–5, 18, and 36
Dependent claims 2–5, 18, and 36 are directed to basic aspects of data encryption which serve as pre- and post-processing steps that do not limit the abstract idea. Petitioner states that the dependent claims do not “contribute significant or material limitations to the abstract idea, or tie to any specific computer the abstract idea of rule-based data access.” Pet. 21.
Patent Owner argues that “[e]ncrypting the rules for encryption requires the ability to perform encryption/decryption operations from within the database, which itself requires a computer to perform such operations,” and is a problem necessarily rooted in computer technology. Resp. 46. Patent Owner also argues that Petitioner does not attempt to explain how such a problem existed outside of computer systems. Id.
Claims 2–5, 18, and 36 require that elements of the databases be encrypted or unencrypted, as well as rules of encryption being the protection attributes of the data element types. Ex. 1001, 11:38–57, Ex Parte Reexamination Certificate 1:52–54, 2:65–67. Encrypting data using a cryptographic key and providing the key to authorized users was well-understood and was a conventional activity. See Ex. 1003 ¶¶ 30–37; Ex. 1010, 1. Encrypting on a field level was also known. Ex. 1010, 1–2. Encrypting data using cryptographic keys is well-known conventional activity. Well-understood, routine, conventional activity does not add significantly more to the abstract idea. Mayo, 132 S. Ct. at 1298. Therefore, we are persuaded by Petitioner that the additional elements of dependent claims 2–5, 18, and 36 provide no meaningful limitations to the abstract idea.
c. Dependent Claim 6
Dependent claim 6 requires the rules to restrict access to data based on a specific program, or version of a program. Petitioner states that the dependent claims do not “contribute significant or material limitations to the abstract idea, or tie to any specific computer the abstract idea of rule-based data access.” Pet. 21. Such a concept for restricting access was well-known. Ex. 1003 ¶ 35.
Patent Owner argues that “[e]ach of the dependent claims impose limitations that illustrate how the ’201 Patent is a technological invention and not a mere abstract idea,” and argues that “[b]y definition, the limitation [of claim 6] is necessarily rooted in computer technology.” Resp. 46. We do not agree with Patent Owner. Claim 6 recites, in part, “attributes stating rules for which program/programs or program versions is/are allowed to be used for managing the corresponding data element values in the first database.” Ex. 1001, 11:60–62. Although Petitioner’s arguments and evidence may be directed to the behavior of applications, and not operating systems, they still demonstrate the use of limiting access based on a program or version of a program. Dr. Shamos’ testimony demonstrates that such restrictions were known in the relevant timeframe, and we are persuaded by Petitioner that the additional elements of dependent claim 6 provide no meaningful limitations to the abstract idea.
d. Dependent Claim 7
Dependent claim 7 requires that the rules relate to logging of values in the first database. Petitioner states that the dependent claims do not “contribute significant or material limitations to the abstract idea, or tie to any specific computer the abstract idea of rule-based data access.” Pet. 21. Activity logging was well-known, and the limitations of claim 7 incorporate well-known concepts and serve as meaningless pre- and post-processing steps. Ex. 1003 ¶ 36. Patent Owner argues that “[e]ach of the dependent claims impose limitations that illustrate how the ’201 Patent is a technological invention and not a mere abstract idea,” but does not argue the subject matter of claim 7 specifically. Resp. 46. Based on the testimony and arguments supplied by Petitioner, we are persuaded that logging was well-known and the limitations of claim 7 provide no meaningful limitations to the abstract idea.
e. Dependent Claims 19–26 and 37–44
Dependent claims 19, 20, 37, and 38 require the storage of the data element types and processing rules as specific types of data within the data element protection catalogue. Ex. 1001, Ex Parte Reexamination Certificate 1:55–65, 3:1–12 (with claim 19 being corrected by a Certificate of Correction). Petitioner states that the dependent claims do not “contribute significant or material limitations to the abstract idea, or tie to any specific computer the abstract idea of rule-based data access.” Pet. 21. It was standard in relational database systems, according to Petitioner, to store data element types and protection attributes as data in the database. Ex. 1023 ¶ 38. Patent Owner argues that “[e]ach of the dependent claims impose limitations that illustrate how the ’201 Patent is a technological invention and not a mere abstract idea,” but does not argue the subject matter of claims 19, 20, 39, and 40 specifically. Resp. 46. We do not agree with Patent Owner. Encryption and other processes performed on a field level were known. Ex. 1010, 3. Simply storing data in particular forms, without more, is a well-understood, routine, conventional activity that does not add significantly more to the abstract idea. Mayo, 132 S. Ct. at 1298.
With respect to claims 21–26 and 39–44, Petitioner states that the dependent claims do not “contribute significant or material limitations to the abstract idea, or tie to any specific computer the abstract idea of rule-based data access.” Pet. 21. The limitations of those claims relate to functionally generic aspects of a relational database, and present no meaningful limitations to the abstract idea. Ex. 1033 ¶¶ 38–44. As discussed above, we are persuaded that the limitations of claims 21–26 are directed to conventional database operations. See Ex. 1017, 31–32.
Thus, we are persuaded by Petitioner that the additional elements of dependent claims 19–26 and 37–44 provide no meaningful limitation to the abstract idea.
f. Dependent Claims 27–29 and 45–47
Claims 27–29 and 45–47 relate to requiring security measures to be followed for every data request or that access requirements not be based on user identity and not be changeable by users. Petitioner states that the dependent claims do not “contribute significant or material limitations to the abstract idea, or tie to any specific computer the abstract idea of rule-based data access.” Pet. 21. According to Petitioner, such processes were well-known in the art at the time and the fundamental teaching of Hoffman. See Ex. 1003 ¶ 46. As well, access requirements not based on user identity and not changeable by users were well-known. Id. Patent Owner argues that “[e]ach of the dependent claims impose limitations that illustrate how the ’201 Patent is a technological invention and not a mere abstract idea,” but does not argue the subject matter of claims 27–29 and 45–47 specifically. Resp. 46.
Based on the evidence and arguments supplied by Petitioner, we are persuaded that it was well-known to restrict access on the basis of user actions and that the restrictions applied would not generally be accessible to the users, as that would logically defeat the process of the restrictions. As such, we are persuaded by Petitioner that the additional elements of dependent claims 27–29 and 45–47 provide no meaningful limitation to the abstract idea.
g. Dependent Claims 30–35 and 48–53
Dependent claims 30–35 and 48–53 relate to storing databases in different locations and replicating databases for redundancy. Petitioner states that the dependent claims do not “contribute significant or material limitations to the abstract idea, or tie to any specific computer the abstract idea of rule-based data access.” Pet. 21.
According to Petitioner, such processes were well-known, and the claims incorporate conventional and well-known aspects of distributed database systems. See Ex. 1003 ¶ 47.
Patent Owner argues that “[e]ach of the dependent claims impose limitations that illustrate how the ’201 Patent is a technological invention and not a mere abstract idea,” but does not argue the subject matter of claims 30–35 and 48–53 specifically. Resp. 46. We agree with Petitioner that the distribution of databases was well-known and it would be logical to distribute data, if possible, to increase redundancy. As such, we are persuaded by Petitioner that the additional elements of dependent claims 30–35 and 48–53 provide no meaningful limitation to the abstract idea.
v. Conclusion
Based on the arguments and evidence presented by Petitioner, we determine that Petitioner has established by a preponderance of the evidence that claims 1–8 and 18–53 of the ’201 Patent are directed to ineligible subject matter under 35 U.S.C. § 101.
D. 35 U.S.C. § 103
i. Obviousness over Hoffman and IBM D2 – Claims 1, 2, 8, 19–26, 29, 31–34, 37–44, 47, and 49–52
Petitioner asserts that claims 1, 2, 8, 19–26, 29, 31–34, 37–44, 47, and 49–52 are obvious over Hoffman and IBM D2. Pet. 47–71.
Hoffman “presents a model for engineering the user interface for large data base systems in order to maintain flexible access controls over sensitive data.” Ex. 1010, 1. “Access control is based on sets of procedures called formularies. The decision on whether a user can read, write, update, etc., data is controlled by programs (not merely bits or tables of data) which can be completely independent of the contents or location of raw data in the data base.” Id.
Hoffman discloses that the database could take a variety of different forms: “some users will manipulate data structures—such as trees, lists, sparse files, ring structures, arrays, etc.—which are accessed by algorithms specifically designed for these structures.” Id. at 4. Figure 2 of Hoffman is reproduced below.
Figure 2 of Hoffman depicts a user / database interface.
Hoffman also discloses that the formulary model is concerned with individual data elements, where those elements can be encrypted and decrypted using SCRAMBLE and UNSCRAMBLE procedures as prescribed by the formulary. Id. at 2, 5. Additionally, “[a]ccess control is not restricted to the file level or the record level, . . . access can be controlled at arbitrarily lower levels, even at the bit level.” Id. at 1.
Petitioner also argues that “Hoffman teaches a modular set of formulary procedures (functions) to be applied to different data elements.” Pet. 26. Additionally, Hoffman discloses a formulary comprising blocks labeled “ACCESS” and “CONTROL,” as shown in Fig. 2, above, and that “Hoffman’s formulary procedures are ‘processing rules’ stored in a ‘database’ because they are computer procedures that control processing of data element values stored as an organized collection of structured data.” Pet. 29. Petitioner alleges that this formulary is equivalent to the claimed “data protection catalogue,” with the formulary including procedures that control access to and the operations performed on data element values. Id.
Also, Hoffman discloses accessing the protection attributes in response to a data request. To access data elements, a user communicates with ACCESS through TALK. Ex. 1010, 4. TALK gets information about the data being requested and the operation the user wishes to perform on the data. Id. TALK translates the data information into an internal identification of the data used by ACCESS to carry out the operation. Id.
ACCESS handles all requests for operations on the database, including invoking formulary procedures such as CONTROL, which, as described above, determines whether or not the requested operation to the data is permitted. Id. at 4, 9.
Petitioner also alleges that “[m]ore than one year prior to the earliest effective filing date of the [’]201 patent, the IBM DB2 database management system was sold commercially by IBM and in wide public use.” Pet. 47 (citing Ex. 1003, ¶ 105). Petitioner also indicates that:
IBM DB2 is a relational database management system which can be applied in distributed implementations. Tables can be located in different locations across a network. IBM DB2 uses SQL for maintaining and querying the database. SQL provides data retrieval, modification, definition and control.
Pet. 49 (citing Ex. 1015 at xxxi). Petitioner also argues that IBM D2 included a data protection catalogue in a second database containing protection attributes with processing rules, with SYSCOLUMNS being a data protection catalogue with fields specifying field procedures, which can be used to encrypt data. Pet. 51–52 (citing Ex. 1017, 963, 965; Ex. 1015, 997, 999).
Petitioner also provides, and we agree, that Hoffman discloses that its processes can be applied to any database system, being “independent of both machine and data base structure.” Pet. 54–55 (citing Ex. 1010, 1). Additionally, Petitioner alleges that one of ordinary skill in the art would have been motivated to combine the teachings of Hoffman with IBM DB2 to implement Hoffman’s formulary model in IBM DB2, with “motivation com[ing] from the references themselves and ordinary innovation, ordinary skill, and common sense.” Pet. 55. Petitioner also provides that implementing the system-independent security model of Hoffman in IBM DB2 databases would have been a predictable combination of known elements and would have yielded predictable results. Id.
Patent Owner argues that IBM DB2 and Hoffman are incompatible. Resp. 57–59. Patent Owner asserts that Hoffman relies upon linear storage and requires that the system programmer have intimate knowledge of how the data was stored, but that IBM DB2 relates only to relational databases, which do not require understanding how the stored data was structured. Id. at 57–56. Additionally, Patent Owner argues that IBM DB2’s relational database supplanted Hoffman’s formularies, and that IBM DB2 fails to disclose encryption of data at the data element value level. Id. at 57–58. As well, Patent Owner argues that IBM DB2 discloses protecting data through encryption outside of the database, contrary to the claim language, and that the ’201 Patent Specification makes clear that the database management system’s internal dictionaries should not be confused with the data protection catalogue, but IBM DB2’s SYSCOLUMN is an active dictionary and cannot act as a “second database” as recited in the claims. Id. at 60–61, 73–74. We do not agree.
Patent Owner’s arguments are premised on Hoffman only allowing for the location of data stored in a database, but Hoffman is more broadly directed to controlling the processing of data through formularies. See Ex. 1005, 1. We agree with Petitioner that IBM DB2’s relational database did not supplant Hoffman’s formulary, but instead would have shown one of ordinary skill in the art that it would have been obvious to use IBM DB2’s relational database as the database to store the data within the formulary model. See Pet. 55. Additionally, we are not persuaded that the different processes employed by Hoffman and IBM DB2 would constitute a “teaching away” from their combination. See In re Fulton, 391 F.3d 1195, 1201 (Fed. Cir. 2004).
Lastly, we are not persuaded that any lack of discussion in IBM DB2 of encryption at the data element level or of IBM DB2’s SYSCOLUMN being an active dictionary, are deficiencies because Hoffman discusses encryption at the data element level and discloses separate databases, and the obviousness ground is over both Hoffman and IBM DB2.
Patent Owner also argues that because of the architectural differences between the ’201 Patent and Hoffman and IBM DB2, the combination cannot render certain claim elements obvious, such as “for each user-initiated measure aiming at processing of a given data element value (DV) in the first database (O-DB), initially producing a calling to the data element protection catalogue.” Resp. 61–65. Patent Owner’s arguments are akin to arguments requiring bodily incorporation of one reference into another. See In re Keller, 642 F.2d 413, 425 (CCPA 1981) (“The test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference. . . . Rather, the test is what the combined teachings of the references would have suggested to those of ordinary skill in the art”). The teachings of Hoffman can be applied to IBM DB2, without requiring every aspect of each reference to remain the same in the combination.
Further, as discussed above, we are not persuaded by Patent Owner’s argument that “[t]he database system itself then produces a compelling calling to a separate database to gather (and enforce) protection attributes governing protection of the protected data element value.” Resp. 62. Lastly, although Patent Owner argues that the given data element value in the first database must be read as the unencrypted data element value, and that the processing request must be aimed at the unencrypted (given) data element value, we do not agree with Patent Owner’s formulation, as discussed above in Section II.A.iv.
Patent Owner argues that Hoffman does not disclose protection attributes as recited in claim 1. Resp. 65–67. Patent Owner argues that Hoffman discloses that access control is made by a program, as opposed to bits or a table, where the ’201 Patent makes clear that the protection attributes are information stored in the second database, such that Hoffman teaches away from the claimed protection attributes. Id. at 65 (citing Ex. 1010, 3). Patent Owner also argues that the Petition fails to demonstrate how the protection attributes are collected, or which elements of Hoffman constitute the separate claim elements of “protection attributes” and “processing rules.” Id. at 66–67. We do not agree.
The ’201 Patent Specification describes protection attributes as data which provide the complete information on the processing rule or data that when combined with other information state the processing rule. See Ex. 1001, 3:26–34. Thus, we do not find the Specification or claims to limit “protection attributes” to bits or information in a table. Further, Hoffman describes a formulary as having a “set of procedures and their associated functions [which] are the essential elements of the formulary model of access control.” Ex. 1010, 4. See Pet. 30–31. Therefore, we do not find Patent Owner’s arguments to be persuasive.
Patent Owner also argues that Hoffman does not disclose that “each data element value (DV) is linked to a corresponding data element type.” Resp. 67–69. Patent Owner continues that the Petitioner relies on “intname,” the “internal name,” or local address of the data to supply this element, but provides only conclusory assertions to support any correspondence. Id. at 67–68 (citing Pet. 26-27; Ex. 1003 ¶ 83). Patent Owner continues that the internal name cannot represent a field name because Hoffman bases its lookups on the location of data alone. Id. at 68–69. We do not agree.
The Petition identifies in Hoffman that once a formulary is connected, “CONTROL” accepts the internal data name and the operation to be performed. See Pet. 27–31 (citing Ex. 1010, 3–4). We are persuaded that one of ordinary skill in the art would understand that Hoffman discloses that the characteristic of a data element is used to apply the formulary procedure, and that would be equivalent to the data element types of the ’201 Patent, such that access depends on the data rather than the user. Therefore, we find the position taken by Petitioner in the Petition to be both clear and reasonable.
Patent Owner argues that data element-type protection is fundamentally different from user-based data access control. Resp. 69–71. Patent Owner further asserts that “the ‘201 Patent’s data protection catalogue requires that protection attributes be linked to data element types independent of the user.” Id. at 71 (citing Ex. 1001, 11:25–28). First, we note that the challenged claims, like claims 1 and 8, do not recite that the protection attributes are independent of the user, as argued by Patent Owner, but only state that “protection attributes stat[e] processing rules for data element values (DV).” Additionally, we are not persuaded that user-based and data-based restrictions are mutually exclusive. Patent Owner’s declarant, Dr. Direen, agrees that access privileges are distinct and separate from encryption and decryption privileges to the protected data, and that systems may have both. See Ex. 2064 ¶¶ 43–44. We are persuaded that both systems disclose user authorization to connect to the database, and processing of the requested data is done in accordance with processing rules associated with that data.
Patent Owner also argues that Hoffman does not disclose a second database storing the data protection catalogue. Resp. 71–72.
Patent Owner continues that even if the blocks “ACCESS” and “CONTROL” in Hoffman are considered databases, they would be two separate databases and that they cannot be a single second database as required by claim 1. Id. We do not agree. The “comprising” language found in claim 1 connotes that the claim is not exclusively limited to just the elements recited. See Mars Inc. v. H.J. Heinz Co., 377 F.3d 1369, 1376 (Fed. Cir. 2004). Further, we concur with Petitioner’s argument that “to the extent that the Board does not find that the protection catalog of Hoffman has the claimed protection catalog and data element types stored as data element values, IBM DB2, or the references of the DB2 Documentation, cures this ‘deficiency.’” Pet. 56. Implementing the blocks “ACCESS” and “CONTROL” in Hoffman as a single database would have been obvious to ordinarily skilled artisans for the reasons supplied by Petitioner’s declarant. Id.
Additionally, Patent Owner argues that claims 2 and 31 make clear, in certain embodiments, the data element protection catalogue is inaccessible to the user, which cannot be met by Hoffman. Resp. 71–72. We do not agree, as Petitioner argues that it would have been obvious to store the protection attribute/attributes of the data element protection catalogue in encrypted form in the second database, thus making the values inaccessible to the user. See Pet. 56-57 (citing Ex. 1003 ¶ 116; Ex. 1020, B.2).
Patent Owner argues that Hoffman does not disclose initially producing a calling, per claims 1 and 8. Resp. 72–73. Patent Owner continues that “the database system itself must ‘automatically produce a system calling’ to the second database,” and that an application call is not the same as a system call. Id. As discussed above, the ’201 Patent does not describe that the O-DB database produces the compelling calling to the data protection catalogue. See Ex. 1001, 10:44–58 (“is first collected by the system”); see id.
at Abstract, 2:54–61, 3:51–65, 4:16–22, 7:57–61 (describing a compelling calling to a data protection catalogue, but failing to describe the compelling calling being produced by the O-DB database). Therefore, we do not agree with Patent Owner’s distinction because we are not persuaded that the database itself must produce the calling, per the challenged claims.
Patent Owner also argues that specific elements of the dependent claims are nonobvious over Hoffman and IBM DB2. Resp. 74–75. Specifically, Patent Owner argues that claim 2 requires that the protection attributes are stored in encrypted form in the DPC and are decrypted when accessed, but that such field procedures for encryption were not provided by IBM and not internal to the database. Id. at 74 (citing Ex. 2063 ¶¶ 22, 71). With respect to claims 20–26 and 37–44, Patent Owner argues that those claims are directed to various approaches to storing protection attributes as data element type data in the second database. Id. at 74–75.
As discussed above, however, we are not persuaded that any lack of discussion in IBM DB2 of encryption at the data element level is a deficiency because Hoffman discusses encryption at the data element level and discloses separate databases, and the obviousness ground is over both Hoffman and IBM DB2. In other words, we are not persuaded Hoffman’s specific disclosure of encryption at the data element level would be superseded by a lack of such encryption in IBM DB2. With respect to claims 20–26 and 37–44, the arguments presented by Patent Owner are directed to the incompatibility and the fundamental differences between Hoffman and IBM DB2, where we have addressed those arguments above and not found them to be persuasive.
Lastly, Patent Owner argues that Petitioner has failed to demonstrate obviousness of the claims. Resp. 75–78.
Patent Owner reiterates that the analysis of Hoffman relies on patently unreasonable claim constructions, and that the testimonies of Petitioner’s declarants lack credibility and are unreliable. We do not agree. We are persuaded that Dr. Shamos’ testimony is consistent, stating that Hoffman discloses a data protection catalog (formulary) that includes processing rules. Ex. 1003 ¶¶ 92, 94; Ex. 2067, 112:22–113:4 (analogizing the data protection catalogue and the formulary), 116:12–117:1 (formulary stores processing rules), and 127:17–24 (the procedures of the formulary are the processing rules). Further, we agree with Petitioner that Dr. Shamos interpreted claim terms within the context of the Specification and claims of the ’201 Patent. Reply 23.
Therefore, we are persuaded that Petitioner has established by a preponderance of the evidence that claims 1, 2, 8, 19–26, 29, 31–34, 37–44, 47, and 40–52 of the ’201 Patent are unpatentable under 35 U.S.C. § 103 as being obvious over Hoffman and IBM D2.
ii. Obviousness over Hoffman, IBM D2, and Du – Claims 35 and 53
Petitioner asserts that claims 35 and 53 would have been obvious over Hoffman, IBM D2, and Du. Pet. 75–76. Petitioner argues that Du teaches that different databases can be stored at various locations in a distributed network environment. Id. at 75 (citing Ex. 1003, ¶¶ 143, 145). Petitioner continues that it would have been obvious to apply the known techniques taught by IBM D2 and Du, the backup function and distributed database, respectively, to the system of Hoffman “to avoid damage of the backup due to local weather or other major event.” Id. (citing Ex. 1003, ¶ 146). Claims 35 and 53 recite that the imported copy of the database protection catalogue and the first database are stored in different cities.
Patent Owner argues that although Du describes the distribution of databases at several different locations, each site has its own database administration functions, such that any security check would be entirely self-contained to a particular location. Resp. 79–80 (citing Ex. 1011, 1:26–28). Patent Owner contrasts this with the ’201 Patent which “requires a calling to the data protection catalogue for each user-initiated measure, regardless of where the data protection catalogue is located.” Id. We are not persuaded, however, that the combination of Hoffman, IBM D2, and Du would not allow this to occur; any combination by ordinarily skilled artisans would allow for smooth operation with the distant databases. Additionally, claims 35 and 53 are directed to separation of the first database and the data protection catalogue, and not to whether any additional security checks might be needed for distant databases.
Therefore, we are persuaded that Petitioner has established by a preponderance of the evidence that claims 35 and 53 of the ’201 Patent are unpatentable under 35 U.S.C. § 103 as being obvious over Hoffman, IBM D2, and Du.
III. MOTION TO EXCLUDE
i. Exhibits 2017, 2018, 2065, and 2066
Petitioner moves to exclude Exhibits 2017, 2018, 2065, and 2066. Mot. to Exclude 1–2. We do not rely on exhibits 2017 and 2018 in reaching our Decision and, thus, dismiss Petitioner’s motion to exclude those exhibits as moot. With respect to Exhibits 2065 and 2066, we have cited to those declarations with respect to Patent Owner’s discussion of its efforts to protect the formula for Coca-Cola from unauthorized access, but we found that those declarations failed to establish a relationship between the system provided to Coca-Cola and the claims of the ’201 Patent. Therefore, although we are persuaded that the declarations are not directly related to the claims of the ’201 Patent, we are not persuaded that those declarations need to be excluded.
ii. Exhibits 2064, 2089 and 2093
Petitioner moves to exclude Exhibits 2064, 2089, and 2093 because, according to Petitioner, the exhibits do not meet the standard for an expert witness. Mot. Exclude 3–5; Pet. Reply to Opp. to Mot. Exclude 2–3. Petitioner argues that Dr. Direen does not qualify as an expert in the relevant field of the ’201 Patent. Mot. Exclude 3. Further, Petitioner requests that even if we do not exclude the subject exhibits, we should give them less weight when compared to Petitioner’s declarants. Id.
As the Board has noted in numerous cases, “the Board, sitting as a non-jury tribunal with administrative expertise, is well-positioned to determine and assign appropriate weight to the evidence presented in this trial, without resorting to formal exclusion that might later be held reversible error.” See, e.g., Liberty Mutual Insurance Co. v. Progressive Casualty Insurance Co., CBM2012-00002, Paper 66 at 70 (PTAB Jan. 23, 2014); Gnosis S.P.A., et al. v. S. Alabama Medical Science Foundation, IPR2013-00118, Paper 64 at 43 (PTAB June 20, 2014); S.E.C. v. Guenthner, 395 F. Supp. 2d 835, 842 n.3 (D. Neb. 2005); Opp. to Mot. Exclude 4. We, thus, are not persuaded by Petitioner to exclude Exhibits 2064, 2089, and 2093 and Petitioner’s Motion to Exclude is denied.
Additionally, we are also not persuaded that Dr. Direen is unqualified to testify as an expert. As Petitioner points out, Dr. Direen has knowledge, skill, experience, and training beyond degrees and is the holder of several patents. Opp. to Mot. Exclude 3–8; See Ex. 1002 ¶¶ 1–7 (discussing additional credentials and qualifications). Given this, we are persuaded that Dr. Direen is qualified to testify as an expert as to what a person of ordinary skill in the art would know or understand during the relevant time frame.
IV. MOTION FOR OBSERVATIONS
On October 19, 2015, Patent Owner filed a Motion for Observation Regarding Cross Examination of Reply Witness Dr.
Michael Shamos. Mot. Observation. Patent Owner’s observations comment on the cross-examination testimony of Petitioner’s declarant Dr. Michael Shamos (Exs. 2061, 2067) given on June 10 and 30, 2015. Id. at 1. The Motion for Observation indicates that it was filed pursuant to authorization in the Scheduling Order (Paper 15). Mot. Observation 1.
The scheduling order states “[a] motion for observation on cross-examination provides the parties with a mechanism to draw the Board’s attention to relevant cross-examination testimony of a reply witness because no further substantive paper is permitted after the reply” and refers to the Office Patent Trial Practice Guide. Paper 15, 4–5. The Trial Practice Guide states:
In the event that cross-examination occurs after a party has filed its last substantive paper on an issue, such cross-examination may result in testimony that should be called to the Board’s attention, but the party does not believe a motion to exclude the testimony is warranted. The Board may authorize the filing of observations to identify such testimony and responses to observations, as defined below.
77 Fed. Reg. at 48,767–68 (emphasis added). The scheduling order authorizes the filing of such a motion for observations regarding cross-examination of a reply witness by Due Date 4.
Mr. Schneier cross-examination testimonies were given on June 10 and 30, 2015, prior to Patent Owner filing its Patent Owner’s Response, on August 5, 2105. The cross-examination did not occur after Patent Owner filed its last substantive paper. Patent Owner’s Motion for Observation, thus, is improper. The Scheduling Order did not authorize Patent Owner to file a Motion for Observation of cross-examination that occurred prior to Patent Owner filing its last substantive paper on an issue, the Patent Owner’s Response and Patent Owner did not seek other authorization for such.
The improper observations are akin to an unauthorized sur-reply to argument made in Petitioner’s Reply. We, thus, expunge Patent Owner’s unauthorized observations from the record. See 37 C.F.R. § 42.7(a). Additionally, we expunge Petitioner’s Opposition to that Observation (Paper 33) as being unnecessary.
V. CONCLUSION
We determine that Petitioner has demonstrated by a preponderance of the evidence that claims 1–8 and 18–53 are unpatentable under 35 U.S.C. § 101 as being directed to non-statutory subject matter. We further determine that Petitioner has demonstrated by a preponderance of the evidence that claims 1, 2, 8, 19–26, 29, 31–35, 37–44, 47, and 40–53 are unpatentable under 35 U.S.C. § 103 as being obvious over combinations of Hoffman, IBM D2, and Du, as discussed in Section II.D above.
This is a Final Written Decision of the Board under 35 U.S.C. § 328(a). Parties to the proceeding seeking judicial review of this Decision must comply with the notice and service requirements of 37 C.F.R. § 90.2.
IV. ORDER
In consideration of the foregoing, it is hereby:
ORDERED that claims 1–8 and 18–53 of U.S. Patent No. 6,321,201 B1 are unpatentable;
FURTHER ORDERED that Petitioner’s Motion to Exclude is denied;
FURTHER ORDERED that Patent Owner’s Motion for Observation (Paper 25) and Petitioner’s Opposition to that Observation (Paper 33) are expunged from the record.
PETITIONER:
Marc Kaufman
Mark Vogelbacker
John Bovich
Reed Smith LLP
mskaufman@reedsmith.com
mvogelbacker@reedsmith.com
JBovich@ReedSmith.com
PATENT OWNER:
Woodrow H. Pollack
GRAY ROBINSON, P.A.
woodrow.pollack@gray-robinson.com