Strikeforce Technologies, Inc. v. Secureauth CorporationBRIEFC.D. Cal.October 30, 2017 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 Jon W. Gurka (SBN 187,964) jon.gurka@knobbe.com Stephen W. Larson (SBN 240,844) stephen.larson@knobbe.com Jeremy Anapol (SBN 285,828) jeremy.anapol@knobbe.com KNOBBE, MARTENS, OLSON & BEAR, LLP 2040 Main Street, Fourteenth Floor Irvine, CA 92614 Phone: (949) 760-0404 Facsimile: (949) 760-9502 Attorneys for Defendant SECUREAUTH CORPORATION IN THE UNITED STATES DISTRICT COURT FOR THE CENTRAL DISTRICT OF CALIFORNIA WESTERN DIVISION STRIKEFORCE TECHNOLOGIES, INC., Plaintiff, v. SECUREAUTH CORPORATION, Defendant. ) ) ) ) ) ) ) ) ) ) ) Civil Action No. 2:17-cv-04314-JAK-SK SECUREAUTH CORPORATION’S OPENING CLAIM CONSTRUCTION BRIEF Hon. John A. Kronstadt Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 1 of 31 Page ID #:2599 TABLE OF CONTENTS Page No. -i- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 I. INTRODUCTION ...................................................................................... 1 II. THE ASSERTED PATENTS .................................................................... 1 III. PRIOR CLAIM CONSTRUCTION DECISIONS .................................... 4 IV. LEGAL STANDARDS .............................................................................. 5 V. ARGUMENT ............................................................................................. 5 A. “Security Computer” ........................................................................ 6 1. StrikeForce’s “Out-of-Band” Definition From The ’297 Application Governs The Construction Of The Asserted Claims ..................................................................... 7 2. The Specification Consistently Describes The Security Computer As “Out-of-Band” ............................................... 10 3. The Specification Shows How The Security Computer Satisfies The “Out-of-Band” Definition .............................. 11 4. The Specification Uses The Term “Isolated” To Describe Out-of-Band Operation ........................................ 12 5. The Claim Language Shows That The Security Computer Operates “Out-of-Band” ..................................... 13 6. The Prosecution History Requires the Security Computer To Operate “Out-of-Band” ................................. 14 7. The Delaware and Massachusetts Courts Agree The Applicant Relied On “Out-of-Band” Operations To Distinguish Prior Art. .......................................................... 15 B. “Host Computer” ........................................................................... 17 C. Terms Subject to Section 112, Paragraph 6 ................................... 17 1. “Biometric Analyzer” .......................................................... 18 2. “Prompt Means” .................................................................. 20 3. “Authentication Program Means” ....................................... 21 4. “Authentication Program” ................................................... 22 5. “Component for Receiving” ................................................ 23 Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 2 of 31 Page ID #:2600 TABLE OF CONTENTS (Cont’d) Page No. -ii- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 D. “Multichannel Security System” and “Security System” .............. 25 VI. CONCLUSION ........................................................................................ 25 Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 3 of 31 Page ID #:2601 TABLE OF AUTHORITIES Page No(s). -iii- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 Aristocrat Techs. Austl. PTY Ltd. v. Int’l Game Tech., 521 F.3d 1328 (Fed. Cir. 2008) ......................................................... 18, 23, 25 Catalina Mktg. Int’l, Inc. v. Coolsavings.com, Inc., 289 F.3d 801 (Fed. Cir. 2002) ....................................................................... 16 Cook Biotech, Inc. v. ACell, Inc., 460 F.3d 1365 (Fed. Cir. 2006) ............................................................. 7, 9, 10 Markman v. Westview Instruments, Inc., 517 U.S. 370 (1996) ........................................................................................ 5 Med. Instrumentation & Diagnostics Corp. v. Elekta AB, 344 F.3d 1205 (Fed. Cir. 2003) ............................................................... 17, 22 MPHJ Tech. Invs., LLC v. Ricoh Ams. Corp., 847 F.3d 1363 (Fed. Cir. 2017) ................................................................... 8, 9 Noah Sys., Inc. v. Intuit, Inc., 675 F.3d 1302 (Fed. Cir. 2012) ................................................... 18, 22, 24, 25 O2 Micro Int’l v. Beyond Innovation Tech. Co., 521 F.3d 1351 (Fed. Cir. 2008) ....................................................................... 7 Phillips v. AWH Corp., 415 F.3d 1303 (Fed. Cir. 2005) ....................................................................... 5 Profoot, Inc. v. Merck & Co., Inc., 663 Fed. App’x. 928 (Fed. Cir. 2016) ............................................................. 5 StrikeForce Technologies, Inc. v. Gemalto, Inc., No. 17-10422-RGS, 2017 WL 3813905 (D.Mass. Aug. 31, 2017) ........................................................................... 4, 16 StrikeForce Technologies, Inc. v. PhoneFactor, Inc., No. 13-490- RGA, 2015 WL 5708577 (D. Del. Sep. 29, 2015) .................................................................. 4, 15, 19, 21 Trustees of Columbia Univ. v. Symantec Corp., 811 F.3d 1359 (Fed. Cir. 2016) ............................................................. 7, 9, 20 Vitronics Corp. v. Conceptronic, Inc., 90 F.3d 1576 (Fed. Cir. 1996) ......................................................................... 5 Williamson v. Citrix, 792 F.3d 1339 (Fed. Cir. 2015) .............................................................. passim Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 4 of 31 Page ID #:2602 TABLE OF AUTHORITIES (Cont’d) Page No(s). -iv- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 35 U.S.C. § 112............................................................................................ passim Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 5 of 31 Page ID #:2603 -1- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 I. INTRODUCTION The central feature required by the asserted claims is “out-of-band” authentication. When prosecuting the Asserted Patents,1 StrikeForce provided an explicit definition for “out-of-band.” StrikeForce then repeatedly relied on that definition to distinguish prior art at the Patent Office. In previous claim construction proceedings before two other district courts, both courts agreed that StrikeForce relied on the “out-of-band” definition during prosecution. However, StrikeForce now attempts to repudiate the definition by seeking claim constructions that omit its explicit limitations. The Court should construe the claims to be consistent with StrikeForce’s representations to the Patent Office, and the explicit disclosure in the Asserted Patents’ specification. II. THE ASSERTED PATENTS The Asserted Patents share the same specification and title: “Multichannel Device Using a Centralized Out-of-Band Authentication System (COBAS).” They claim priority to a common parent application, No. 09/655,297 (“the ’297 Application”), which was filed on September 5, 2000. ’599 patent, 1:7-11; ’698 patent, 1:7-16; ’701 patent, 1:7-19. The ’297 Application is incorporated by reference into each Asserted Patent. Id. The shared specification describes an “out-of-band” authentication system for computer networks. ’698 patent, 1:21-24. The “out-of-band” approach is an alternative to “in-band” authentication, which the patents describe as follows: Typically, access-control security products, as described above, are in-band authentication systems with the data and the authentication information on the same network. Thus, upon accessing a computer, a 1 The Asserted Patents are U.S. Patent Nos. 7,870,599 (“the ’599 patent”) (D.I. 1-2), 8,484,698 (“the ’698 patent”) (D.I. 1-3), and 8,713,701 (“the ’701 patent”) (D.I. 1-4). Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 6 of 31 Page ID #:2604 -2- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 computer prompt requests that you enter your password and, upon clearance, access is granted. In this example, all information exchanged is on the same network or in-band. Id., 2:31-39.2 In contrast, the claimed out-of-band approach uses “an authentication channel that is separated from the information channel and therefore is nonintrusive as it is carried over separate facilities than those used for actual information transfer.” Id., 6:17-23. The specification discloses four embodiments of its out-of-band authentication system, which are shown in Figures 1A, 10, 11, and 13, respectively. In the first embodiment (Fig. 1A), a host computer (e.g., web server) located within an organization’s local network is accessed from a computer outside of that network. Id., 6:30-43. This access occurs over a wide- area network (“WAN”) such as the Internet. Id., 6:13-17. Thus, the first embodiment may be referred to as the WAN embodiment. In this embodiment, when the user attempts to access the host computer in the access channel, the host computer prompts the user to enter a user identification and password. Id., 9:24-33. As shown below in Fig. 1A, the information entered by the user “is diverted by a router 36 internal to the corporate network 38 to an out-of-band security network 40.” Id., 6:37-42. The out-of-band security network 40 is also referred to as “security computer 40” or “security system 40” in other parts of the Asserted Patents. See id., 9:33, 9:35, 11:32, 12:11-12 (security computer); id., 8:30, 8:33-34, 8:37, 8:43, 8:46, 8:53, 9:13, 9:17 (security system). / / / / / / / / / / / / 2 All emphasis is added unless otherwise indicated. Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 7 of 31 Page ID #:2605 -3- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 Id., Fig. 1A. After receiving the user’s information, the out-of-band security network 40 calls the user on a telephone and prompts the user to (1) enter a numerical password, and (2) speak a verbal password into the telephone. Id., 10:20-65; 11:10-42. These passwords are used to perform the out-of-band authentication. In the second embodiment (Fig. 10), the host computer is accessed from another computer within the same local area network (LAN)—not over the Internet. Id., 6:23-27. The second embodiment may be referred to as the LAN embodiment. In contrast to the WAN embodiment, the LAN embodiment emphasizes “right-to-know classifications within an organization rather than on avoiding entry by hackers.” Id., 12:48-50. Apart from these differences, the “out-of-band security network 240” in the LAN embodiment is “analogous” to Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 8 of 31 Page ID #:2606 -4- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 the out-of-band security network 40 of the WAN embodiment. Id., 12:54-58. The third (Fig. 11) and fourth (Fig. 13) embodiments are similar to the WAN embodiment in that they both involve access over the Internet. Id. at Figs. 11, 13. But instead of a wired telephone, the third embodiment uses a cellular telephone and the fourth embodiment uses a personal digital assistant (PDA). Id., 5:49-51 and 5:55-58. The cell phone and PDA, which operate in the out-of-band channel, are referred to as “peripheral devices.” Id. III. PRIOR CLAIM CONSTRUCTION DECISIONS Some terms addressed below were construed by other district courts in the following cases: StrikeForce Technologies, Inc. v. PhoneFactor, Inc., No. 13-490- RGA, 2015 WL 5708577 (D. Del. Sep. 29, 2015) (“PhoneFactor”) StrikeForce Technologies, Inc. v. Gemalto, Inc., No. 17-10422- RGS, 2017 WL 3813905 (D.Mass. Aug. 31, 2017) (“Gemalto”). In PhoneFactor, Magistrate Judge Thynge issued a report and recommendation that Judge Andrews adopted over StrikeForce’s objections. 2015 WL 5708577, at *3; Ex. A (Rpt. & Rec.). In Gemalto, Judge Stearns issued an early claim construction order on three groups of disputed claim terms. 2017 WL 3813905, at *1. He scheduled additional claim construction briefing in February 2018 for the other disputed claim terms. Gemalto, No. 17-10422-RGS, D.I. 30. The courts in Gemalto and PhoneFactor agreed on the constructions of “access channel,” “authentication channel,” “first channel,” and “second channel.” Both courts adopted the constructions proposed by the defendants in those cases. StrikeForce no longer disputes the construction of those terms. The Gemalto and PhoneFactor courts disagreed, however, on the proper constructions of “host computer” and “multichannel security system” / “security system.” The differences between the Gemalto and PhoneFactor constructions are explained in further detail below where relevant to the disputes in this case. Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 9 of 31 Page ID #:2607 -5- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 IV. LEGAL STANDARDS Claim construction is a matter of law. Markman v. Westview Instruments, Inc., 517 U.S. 370, 388-89 (1996). Claim terms are generally given the ordinary and customary meaning ascribed to them by a person of ordinary skill in the art at the time of the invention. Phillips v. AWH Corp., 415 F.3d 1303, 1312-13 (Fed. Cir. 2005) (en banc). In determining how a person of ordinary skill would have understood the claim terms, courts primarily look to the claims themselves, then to the patent’s specification and prosecution history. Id. at 1315-1317. A “patentee may choose to be his own lexicographer” by providing a “special definition” of a claim term that differs from the term’s “ordinary and customary meaning.” Vitronics Corp. v. Conceptronic, Inc., 90 F.3d 1576, 1582 (Fed. Cir. 1996). A patent’s specification may define a claim term “expressly” or “by implication.” Id. The meaning of a claim term may also be determined based on “representations made by the applicant regarding the scope of the claims” in the prosecution history. Id. Indeed, the prosecution history “is often of critical significance in determining the meaning of the claims.” Id. For a child patent, the prosecution history includes representations made to the Patent Office in connection with parent applications. Profoot, Inc. v. Merck & Co., Inc., 663 Fed. App’x. 928, 933 (Fed. Cir. 2016) (citing Ormco Corp. v. Align Technology, Inc., 498 F.3d 1307, 1314 (Fed. Cir. 2007)). Specialized rules apply to claim limitations construed under 35 U.S.C. § 112 ¶ 6.3 Those rules are discussed in the relevant sections below. V. ARGUMENT The Court should adopt SecureAuth’s proposed constructions because they are supported by the claims, specification, prosecution history, and 3 Following the America Invents Act (“AIA”) of 2011, this provision is now identified as 35 U.S.C. § 112(f). Because the asserted patents were filed before the effective date of the AIA, this brief refers to the pre-AIA statute. Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 10 of 31 Page ID #:2608 -6- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 controlling authority. A. “Security Computer” SecureAuth’s Proposed Construction StrikeForce’s Proposed Construction a computer in the authentication channel that can grant authenticated users access to but is isolated from the host computer (isolated means that the security computer operates without reference to the host computer or any database in a network that includes the host computer). a computer in the authentication channel that can grant authenticated users access to but is isolated from the host computer (being “isolated” does not mean having no connections at all). The parties agree that the “security computer” is “a computer in the authentication channel that can grant authenticated users access to, but is isolated from, the host computer.” D.I. 119-1 at 1. The meaning of “isolated” is disputed. Id. SecureAuth proposes that the security computer is isolated if it “operates without reference to the host computer or any database in a network that includes the host computer.” Id. This requirement is stated explicitly in the prosecution history and the specification incorporates it by reference. More specifically, the ’297 Application (which all Asserted Patents claim priority to and incorporate by reference) defines an “out-of-band” operation as “one conducted without reference to the host computer or any database in the host network.” Ex. B at SF000510. This “out-of-band” definition applies to the claimed “security computer” because the specification and prosecution history both show that it must authenticate users “out-of-band.” Moreover, the specification and prosecution history both use the specific term “isolated” to describe the security computer performing out-of-band authentication. Thus, as further explained below, SecureAuth’s proposed construction is correct. StrikeForce offers only a negative definition, proposing that “isolated does not mean having no connections at all.” D.I. 119-1 at 1. This negative definition appears nowhere in the specification or prosecution history. Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 11 of 31 Page ID #:2609 -7- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 Moreover, StrikeForce’s negative definition is erroneous as a matter of law because adopting that definition would not resolve the parties’ dispute about the scope of the claims.4 O2 Micro Int’l v. Beyond Innovation Tech. Co., 521 F.3d 1351 (Fed. Cir. 2008) (“When the parties present a fundamental dispute regarding the scope of a claim term, it is the court’s duty to resolve it.”). 1. StrikeForce’s “Out-of-Band” Definition From The ’297 Application Governs The Construction Of The Asserted Claims Because the specification here incorporates the ’297 Application by reference, the “out-of-band” definition in the ’297 Application is treated as part of the specification. Trustees of Columbia Univ. v. Symantec Corp., 811 F.3d 1359, 1365-66 (Fed. Cir. 2016). Thus, the claims must be construed to match that definition. See id. (construing claim term based on definition in prior disclosure incorporated by reference); Cook Biotech, Inc. v. ACell, Inc., 460 F.3d 1365, 1375-77 (Fed. Cir. 2006) (same). StrikeForce may argue that the definition from the ’297 Application does not apply to the Asserted Patents because it was replaced. Specifically, when filing the application that became the ’599 Patent, StrikeForce replaced the definition from the earlier ’297 Application with a definition from “Newton’s Telecom Dictionary (19th Ed.).” ’599 Patent, 5:60-66. The Newton definition was previously identified by the patent examiner in the ’297 Application. Ex. D at SF000711-712. StrikeForce adopted the Newton definition only after explaining that it was consistent with the definition from the ’297 Application: 4 Consider an alleged security computer that relies on a host computer to provide some of the data used during authentication. This alleged security computer would clearly be outside the scope of the claims under SecureAuth’s proposed construction. It would not be “isolated” because it does not “operate without reference to the host computer.” But under StrikeForce’s proposed construction, there would be no way to determine whether the alleged security computer is sufficiently “isolated” because that construction never states what “isolated” means. As a result, the claim scope would be uncertain. Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 12 of 31 Page ID #:2610 -8- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 Here, the Examiner puts forth in supposed contradistinction to Applicant’s choice of definitions those found in Newton’s Telecom Dictionary (19th edition) and places Harry Newton’s reference in her conclusion. Upon a close reading of the Application and of the definitions the contradistinction disappears and agreement is found. In Newton’s definition of out-of-band signalling, separation of control signals and of information transfer is described. This separation of signal channels is what Applicant has posited in his initial argument and is what Applicant continues to maintain. Id. To support its repudiation of its original “out-of-band” definition, StrikeForce may rely on MPHJ Tech. Invs., LLC v. Ricoh Ams. Corp., 847 F.3d 1363, 1368-69 (Fed. Cir. 2017). In MPHJ, the patent-in-suit claimed priority to a provisional application, which contained a statement that allegedly limited the patented invention to a “one-step copying and sending process.” Id. This limiting statement was omitted from the patent-in-suit. Id. The Federal Circuit interpreted the omission as indicating that the “one-step” limitation from the provisional should not apply to the patent claims. Id. Thus, StrikeForce may argue that the replacement of the original “out-of-band” definition from the Asserted Patents makes it inapplicable here. StrikeForce would be incorrect. In MPHJ, the Federal Circuit noted that the patent-in-suit clearly described the provisional’s one-step limitation as “optional.” Id. Thus, the Federal Circuit did not rely solely on the omission of the limiting statement from the patent. Rather, the Federal Circuit interpreted that omission in view of the specification’s other statements that explicitly prevented the statement from limiting the claims at issue. Moreover, the statement in MPHJ was not an explicit definition, and the Federal Circuit never stated that it would have controlled the scope of the claims if it had not been omitted from the patent. Here, StrikeForce’s replacement of the original “out-of-band” definition does not negate that definition. In contrast to MPHJ, StrikeForce’s Asserted Patents never state that the limitations articulated in the ’297 Application are Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 13 of 31 Page ID #:2611 -9- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 “optional.” Just the opposite. StrikeForce represented to the Patent Office that the Newton definition now used in the Asserted Patents was fully consistent with the original definition. Ex. D at SF000711-712. Thus, the limitations in the original definition still apply—as Columbia and Cook Biotech confirm. In Columbia, the patent-in-suit incorporated a provisional application, which defined a “byte sequence feature” as a feature of “machine code . . . instead of resource information.” 811 F.3d at 1365. This definition specifically excluded “resource information” from the scope of the term. Id. at 365-66. However, the patent-in-suit stated only that the “byte sequence feature” referred to a feature of “machine code,” without specifically excluding “resource information” as the provisional had done. Id. Although the specification omitted the exclusionary language that was in the provisional, the Federal Circuit still construed the term “byte sequence feature” to exclude “resource information.” Id. Here, as in Columbia, the Asserted Patents do not explicitly repeat the limiting definition from the provisional application, but they incorporate the definition by reference. Moreover, as in Columbia, and in contrast to MPHJ, there is no statement in the Asserted Patents that negates the incorporated definition. Indeed, the argument for incorporation is even stronger here than it was in Columbia. Here, StrikeForce explicitly told the Patent Office that no inconsistency existed and the original definition was correct all along. Ex. D at SF000711-712. Thus, the claims here must be construed to match the original definition from the ’297 Application. Columbia, 811 F.3d at 1366. That definition requires “out-of-band” operations to be “conducted without reference to the host computer or any database in the host network.” Ex. C at SF000657. Cook Biotech provides additional guidance. There, the specification incorporated disclosure in another patent that described a procedure for separating layers of tissue in the intestines. 460 F.3d at 1375-77. The court construed the term “luminal portion of the tunica mucosa” in the context of Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 14 of 31 Page ID #:2612 -10- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 bladder tissue to include the same layers that the incorporated patent identified in the intestines. Id. The argument for incorporation is even stronger here than it was in Cook Biotech because the Court does not need to translate from intestines to bladders. Instead, the “out-of-band” definition from the ’297 Application applies directly to the “security computer” in the Asserted Patents. There is no dispute that the security computer must authenticate users using “out-of-band” operations. Moreover, this requirement is repeatedly set forth in the specification and prosecution history, as explained below. Thus, the definition of “out-of-band” authentication in the ’297 Application applies to the security computer, and the security computer should be construed to operate “without reference to the host computer or any database in the host network.” 2. The Specification Consistently Describes The Security Computer As “Out-of-Band” The specification uses the terms “security computer,” “security system,” and “security network” interchangeably. For example, the specification refers to “security computer 40” four times, “security network 40” five times, and “security system 40” eight times.5 These terms all refer to the hardware identified by reference numeral “40” in Fig. 1A. The specification consistently characterizes this hardware as “out-of-band.” E.g., ’698 patent, 6:60-62, 7:35- 37; 8:33-35, 8:35-39; 8:40-44; 8:44-47; 8:51-53; 8:60-65; 9:12-19. In addition to security computer 40, the specification also mentions a “security computer 52,” shown in Figure 2. Id., 6:60-7:10. Security computer 52 is part of the “hardware required by the out-of-band security network”— which is also called security computer 40 as noted above. Id., 6:60-62. Because security computer 40 operates out-of-band, the security computer 52 that is part 5 ’698 patent, 9:33, 9:35, 11:32, 12:11-12 (security computer); id. at 6:41- 42, 6:42-43, 6:45, 7:37, 7:39 (security network); id., 8:30, 8:33-34, 8:37, 8:43, 8:46, 8:53, 9:13, 9:17 (security system). Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 15 of 31 Page ID #:2613 -11- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 of it must do so also. Thus, the “out-of-band” definition from the ’297 Application applies equally to security computer 40 and security computer 52. Security computer 40 appears only in the embodiment of Figure 1A, but the embodiments in Figures 10, 11, and 13 include similar components with different reference numerals.6 For example, Figure 10 includes “an out-of-band security network 240.” Id., 12:43-48. Figure 11 includes a “security system 340” that is “also referred to as the centralized out-of-band authentication system (COBAS).” Id., 13:11-13. Figure 13 includes a “COBAS security system 440.” Id., 14:15-17. Thus, all four disclosed embodiments include a security computer that the specification clearly identifies as out-of-band. As a result, the “out-of-band” definition from the ’297 Application applies to all security computers in the specification, and they must operate “without reference to the host computer or any database in the host network.” 3. The Specification Shows How The Security Computer Satisfies The “Out-of-Band” Definition The “out-of-band” definition from the ’297 Application requires the security computer to authenticate independently from not only the “host computer,” but also the entire “host network” (i.e., the network that contains the host computer). Ex. B at SF000510. This network-level separation is described throughout the specification. Indeed, as noted above, the specification often calls the security computer 40 an “out-of-band security network 40,” thereby indicating its separation from the host network. E.g., ’698 patent, 6:37-42. The specification highlights the importance of network-level separation: “This invention relates to security networks for computer network applications, and, more particularly, to a security network which 6 In Figure 10, “reference designators ‘200’ units higher are employed” to identify components similar to those in Figure 1A. ’698 patent, 12:28-30. Figure 11 uses “reference designators ‘300’ units higher.” Id., 12:67-13:2. Figure 13 uses “reference designators ‘400’ units higher.” Id., 13:57-59. Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 16 of 31 Page ID #:2614 -12- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 provides user authentication by an out-of-band system that is entirely outside the host computer network being accessed.” Id., 1:20-24 (emphasis added). “It is yet another object of the present invention to provide a separate security network which acts conjunctively with or as an overlying sentry box to the existing security system provided by the host computer.” Id., 4:58-61 (emphasis added). “The access network 30 is constructed in such a manner that, when user 24 requests access to a web page 32 located at a host computer or web server 34 through computer 22, the request-for- access is diverted by a router 36 internal to the corporate network 38 to an out-of-band security network 40.” Id., 6:37-42 (emphasis added). “The access network 230 is constructed in such a manner that, when user 224 requests access to a high security database 232 located at a host computer 234 through computer 222, the request- for-access is diverted by a router 236 internal to the corporate network 238 to an out-of-band security network 240.” Id., 12:43- 48 (emphasis added). All of these passages confirm that the “out-of-band” definition, which requires separation from the host network, applies to the claimed “security computer.” 4. The Specification Uses The Term “Isolated” To Describe Out-of-Band Operation The specification uses the term “isolate” to describe the same network- level separation that is required by the “out-of-band” definition from the ’297 Application. E.g., id., 4:55-57 (“It is a further object of the present invention to provide a network to isolate the authentication protocol of a computer system from the access channel therefor.”). For example, the specification describes Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 17 of 31 Page ID #:2615 -13- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 the “security network” (i.e., the security computer) as “isolated” from the “corporate network” (which contains the host computer):7 “[T]he out-of-band security network 40 is isolated from the corporate network 38 and does not depend thereon for validating data.” Id.,6:44-47. “[T]he out-of-band security network 240 is isolated from the corporate network 238 and does not depend thereon for validating data.” Id.,12:59-61. These passages teach that the security computer is isolated from and “does not depend” on the host network “for validating data.” This teaching confirms that the security computer authenticates “without reference to the host computer or any database in the host network”—as the original “out-of-band” definition requires. Because the specification uses the term “isolated” to describe out-of- band operation, SecureAuth’s proposed construction correctly defines “isolated” to mean that “the security computer operates without reference to the host computer or any database in a network that includes the host computer.” 5. The Claim Language Shows That The Security Computer Operates “Out-of-Band” The claim language in the Asserted Patents further demonstrates that the security computer operates “without reference to the host computer or any database in the host network.” For example, in Claim 18 of the ’701 patent, the host computer is located in an “access channel,” while the security computer is located in the “authentication channel.” ’701 patent, 16:66-18:14. According to the claim, the authentication channel is “operating independently from said access channel.” Id., 17:10-12. Further, the claim recites two databases that the security computer uses to perform authentication—a “subscriber database” and 7 The specification states that the “corporate network” is the “same network” that contains the “host computer.” ’698 patent, 6:23-27. Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 18 of 31 Page ID #:2616 -14- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 a “biometric parameter database.” Id., 17:18-19, 18:10-13. Both databases are located in the authentication channel, so neither is a “database in the host network” (just as the “out-of-band” definition describes). Id., 17:10-18:13. No claim suggests that the security computer makes reference to the host computer or any database in the host network when it authenticates a user’s identity. StrikeForce may argue that the security computer does not operate “without reference to the host computer” because it sends an instruction to the host computer when authentication is complete. E.g., ’701 patent, 17:25-18:3. But sending an instruction after authentication is not the same as making “reference” to the host computer to perform authentication. Indeed, several claims that require the security computer to send an instruction to the host computer nevertheless state that the authentication channel (including the security computer) “operates independently” from the access channel (including the host computer). ’599 patent, Claims 11 and 18; ’701 patent, Claims 11 and 18. Thus, the claims of the Asserted Patents further demonstrate that the security computer authenticates “without reference” to the host computer. 6. The Prosecution History Requires the Security Computer To Operate “Out-of-Band” During prosecution, StrikeForce repeatedly relied on the explicit definition in the ’297 Application to distinguish the prior art. For example, in one office action response the applicant sought to distinguish U.S. Patent No. 5,153,918 to Tuai as follows: “Before proceeding further, the matters of in- band/out-of-band definitions and distinctions are addressed. There is a maxim in patent law, which arose long after dictionaries were compiled, that an Applicant is his own lexicographer.” Ex. D at SF000711 (emphasis added). The applicant had set forth his lexicography in a prior office action response, which amended the ’297 Application to include the following definition: “An ‘out-of-band’ operation is defined herein as one conducted without reference to Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 19 of 31 Page ID #:2617 -15- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 the host computer or any database in the host network.” Ex. C at SF000657. In that same office action response, the applicant stated: Tuai “defines an in-band system and is antithetical to Applicant’s system which is defined as out-of-band.” Ex. C at SF000660 (emphasis added). In a later response, the applicant argued that prior-art practices were “significantly different” from the claimed invention, “and especially so when the in-band/out-of-band aspect is considered.” Ex. D at SF000718 (emphasis added). The applicant carried this point through more than a decade of prosecution into re-examination of the ’599 Patent, arguing that “in the rejected claims, the authentication is via an out-of- band authentication network.” Ex. E at SF001006 (emphasis added). The applicant’s arguments during prosecution, quoted above, referred to an out-of-band “system” and “network” rather than an out-of-band “computer.” But as noted above, the specification uses the terms “security computer,” “security system,” and “security network” interchangeably. Supra, Part V.A.2. Thus, all of the applicant’s arguments in the prosecution history confirm that the “out-of-band” definition applies to the claimed “security computer.” The prosecution history also shows that the applicant specifically referred the examiner to the original “out-of-band” definition when using the “isolated” term at issue here. Specifically, the applicant argued that the invention used an “out-of-band channel isolated from the host computer with which the accessor (see definitions of out-of-band and accessor in the specification) seeks to connect.” Ex. C at SF000665 (emphasis added). This statement is consistent with the use of “isolated” in the specification, supra Part V.A.5, and provides additional support for SecureAuth’s proposed construction. 7. The Delaware and Massachusetts Courts Agree The Applicant Relied On “Out-of-Band” Operations To Distinguish Prior Art. In PhoneFactor, the Delaware court recognized that the “out-of-band” definition from the ’297 Application limited the claims of the Asserted Patents. Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 20 of 31 Page ID #:2618 -16- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 Ex. A (Rpt. & Rec.) at 23-26. Specifically, the court found that “the patentee acted as his own lexicographer in defining an ‘out-of-band’ operation and relied on that definition in distinguishing prior art . . . .” Id. Thus, the court correctly construed the claims to incorporate that definition. Id. However, instead of applying the out-of-band definition to the “security computer,” the Delaware court applied it to the preambles of the claims at issue. Id. In Gemalto, the Massachusetts court agreed with the Delaware court “that during prosecution the patentee distinguished prior art based on the multichannel/out-of-band nature of the claimed invention.” 2017 WL 3813905 at *9. However, it declined to construe the preamble as limiting because it held that the out-of-band requirement was already incorporated into the constructions of “access channel” and “authentication channel.” Id. The Massachusetts court noted that a preamble does not limit a claim where it serves “only to state a purpose or intended use for the invention.” Catalina Mktg. Int’l, Inc. v. Coolsavings.com, Inc., 289 F.3d 801, 808 (Fed. Cir. 2002). But “security computer” is not a preamble term and there is no dispute that it limits the scope of the asserted claims. Further, SecureAuth’s proposed construction of “security computer” is not redundant to any other claim term. The Massachusetts court erred because the claimed “access channel” and “authentication channel” do not account for all requirements of the “out-of- band” definition that the applicant relied on in prosecution. As the parties agree here, the access channel and the authentication channel must “not share any facilities.” D.I. 119 at 2. But the “out-of-band” definition requires more than non-shared or separate facilities. It requires authentication to be conducted “without reference” to “any database in the host network.” Because the applicant repeatedly relied on this definition during prosecution—as the Delaware and Massachusetts courts both recognized—the claims must be construed to require it. As explained above, the definition properly applies to Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 21 of 31 Page ID #:2619 -17- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 the claimed “security computer.” Thus, the Court should adopt SecureAuth’s proposed construction of “security computer,” which fully recognizes the explicit disclosure in the patents’ specification and the applicant’s repeated admissions during prosecution. B. “Host Computer” The parties continued to meet and confer on the construction of “host computer” after filing the Joint Claim Construction and Prehearing Statement. To limit the disputes that must be resolved by the Court, the parties have agreed that “host computer” may be construed as “a computer (or a restricted portion thereof) to which the accessor is attempting to gain access.” C. Terms Subject to Section 112, Paragraph 6 All terms addressed in this section are subject to 35 U.S.C. § 112, ¶ 6, which states: An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. This statute allows a patentee to conveniently claim all structures that the patentee has described for accomplishing a recited function, without reciting all of those structures in the claims. Med. Instrumentation & Diagnostics Corp. v. Elekta AB, 344 F.3d 1205, 1211 (Fed. Cir. 2003). As a “quid pro quo” for this convenience, the patentee must “clearly link” the structures in the specification with the claimed function. Id. When a claim recites the words “means for,” there is a presumption that § 112, ¶ 6 applies. Williamson v. Citrix, 792 F.3d 1339, 1348 (Fed. Cir. 2015) (en banc). Conversely, there is a presumption that § 112, ¶ 6 does not apply when the claim lacks those words. Id. at 1349. Here, with one exception in a dependent claim, the parties do not dispute which terms are subject to § 112, Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 22 of 31 Page ID #:2620 -18- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 ¶ 6. When a claim term is subject to § 112, ¶ 6, it is construed in the following manner: The court must first identify the claimed function. Then, the court must determine what structure, if any, disclosed in the specification corresponds to the claimed function. Where there are multiple claimed functions, as we have here, the patentee must disclose adequate corresponding structure to perform all of the claimed functions. If the patentee fails to disclose adequate corresponding structure, the claim is indefinite. Id. at 1351-52 (internal citations omitted). When the structure corresponding to a recited function is merely a general purpose computer or microprocessor, the specification must also disclose an algorithm for performing the function. Aristocrat Techs. Austl. PTY Ltd. v. Int’l Game Tech., 521 F.3d 1328, 1332-33 (Fed. Cir. 2008). That algorithm is an essential part of the corresponding structure under § 112, ¶ 6. Id. Like any other structure, the algorithm must be clearly linked to the recited function. Noah Sys., Inc. v. Intuit, Inc., 675 F.3d 1302, 1313 (Fed. Cir. 2012) (noting disclosure “sufficient to clearly link” an algorithm with a recited function). 1. “Biometric Analyzer” SecureAuth’s Proposed Construction StrikeForce’s Proposed Construction Agreed Function: analyzing a monitored parameter of said accessor Structure: Speech module 66 as shown in FIG. 5 and described at 7:34-61 of the ’599 Patent, or fingerprint module 366 as shown in FIG. 12 and described at 13:1-31 of the ’599 Patent, with either module programmed to perform the steps of “monitoring the particular parameter of the individual person; including the parameter to a mathematical representation or Agreed Function: analyzing a monitored parameter of said accessor Structure: Monitoring the particular parameter of the individual person; translating the parameter to a mathematical representation or algorithm thereof; retrieving a previously stored sample (biometric data) thereof from a database and comparing the stored sample with the input of the accessor. Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 23 of 31 Page ID #:2621 -19- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 algorithm therefore; retrieving a previously stored sample (biometric data), thereof from a database and comparing the stored sample with the input of the accessor” as described at 6:29-35 of the ’599 Patent. The term “biometric analyzer” is recited in Claims 7, 11, 17, 18, 19, 28, and 31 of the ’599 patent, as well as Claims 7, 11, 17, 18, and 19 of the ’701 patent. The parties agree that this term is subject to § 112, ¶ 6. D.I. 119-1 at 6- 7. Further, the parties agree on the claimed function, and even refer to the same portion of the specification to identify the required algorithm. Id.; see also ’599 patent, 6:29-35 (passage describing algorithm). While SecureAuth quotes the passage exactly as it appears in the specification, StrikeForce’s proposal would modify several words of the passage, which are emphasized in the table above. StrikeForce’s modifications arise from a footnote in the PhoneFactor decision. The court there adopted a construction of “biometric analyzer” that incorporated the algorithm just as it appears in the specification, and just as SecureAuth proposes here. 2015 WL 5708577, *1. In the footnote, the court acknowledged the defendant’s argument that the algorithm was “unintelligible,” but declined to resolve the “ultimate interpretation” of the algorithm. Id. at *1, n.1. The court suggested one potential interpretation, but did not adopt it. Id. (“It seems to me that ‘including’ means something like ‘translating,’ that ‘therefore’ means ‘thereof,’ and that the comma is superfluous.”). By recognizing the need to rewrite several words of the algorithm, both StrikeForce and the Delaware court implicitly agree that it is nonsensical. But the algorithm’s flaws are not a license to rewrite the specification. The disclosure in the specification governs here, even if it renders the claims nonsensical. Columbia, 811 F.3d at 1365-67 (adopting a construction even though it made the claims “nonsensical” and therefore “indefinite”). Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 24 of 31 Page ID #:2622 -20- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 2. “Prompt Means” SecureAuth’s Proposed Construction StrikeForce’s Proposed Construction Agreed Function: instructing said accessor to enter predetermined data at and transmit said predetermined data from said [peripheral device/cellular telephone/PDA]. Structure: Speech module 66, as shown in FIG. 5 and described at 7:34-61 of the ’599 Patent, programmed to perform the steps 184-186 or 198-200, as shown in FIGS. 9B-9C and described at 10:12-30 and 10:59-11:8 of the ’599 Patent. Agreed Function: instructing said accessor to enter predetermined data at and transmit said predetermined data from said [peripheral device/cellular telephone/PDA] Structure: at least step 186 of Figure 9C, 10:12-31, step 200 of FIG. 9C, 10:59- 11:8, and/or software on security system 340/440, 12:59-63 and/or 13:54-58, or equivalents thereof. Claims 1, 11, and 18 of the ’599 patent recite a “prompt means.” Similarly, Claims 1, 11, and 18 of the ’701 patent recite a “prompt mechanism.” The parties agree that these terms are subject to § 112, ¶ 6. D.I. 119-1 at 7-8. The parties also agree on the function, but dispute the structure. Id. SecureAuth’s proposed structure is the speech module 66, programmed to perform steps 184-186 or 198-200, as shown in Figures 9B-9C. D.I. 119-1 at 8. Steps 184-186 include “Prompt Retrieved by Speech Module” (184) and “Prompt Played by Speech Module to User” (186). ’599 Patent, Figs. 9B-9C. Alternative steps 198-200 include “Speech Module Retrieves Prompt for User” (198) and “Prompt User and Collect Speech Password” (200). Id. In both pairs of steps, the first step is needed to retrieve the prompt before it can be played. StrikeForce inexplicably omits the first step in each pair. D.I. 119-1 at 7-8. StrikeForce also identifies “software on security system 340/440,” and cites the ’701 patent at “12:59-63 and/or 13:54-58.” Id. However, the steps described in these passages do not accomplish all of the claimed functions. As the parties have agreed, the claims require instructing the accessor to (1) “enter Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 25 of 31 Page ID #:2623 -21- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 predetermined data” and (2) “transmit predetermined data.” Id. The steps in the cited passages address only the first of these two functions. ’701 patent, 12:59- 63 (user “prompted to enter a password” but not to transmit); 13:54-58 (user prompted “to enter their fingerprint” but not to transmit). Because the steps fail to “perform all of the claimed functions,” they are not corresponding structure for § 112, ¶ 6. Williamson, 792 F.3d at 1351-52. Thus, the Court should reject StrikeForce’s proposal and adopt SecureAuth’s proposal instead. 3. “Authentication Program Means” SecureAuth’s Proposed Construction StrikeForce’s Proposed Construction Agreed Function: authenticating [said/an] accessor demanding access to said host computer Structure: Control module 62 programmed to perform steps 174-219 as shown in FIGs. 9B- 9E and described at 9:64-12:2 of the ’599 Patent. Agreed Function: authenticating [said/an] accessor demanding access to said host computer Structure: at least step 196, 10:23-59 and/or step 208, 11:1-25, and/or security system 340/440, 12:59-13:3 and/or 13:59-64, or equivalents thereof. Claims 7, 11, and 18 of the ’599 patent recite an “authentication program means.” Similarly, Claims 7, 11, and 18 of the ’701 patent recite an “authentication program mechanism.” The parties agree that these terms are subject to § 112, ¶ 6 and should share the same construction. D.I. 119-1 at 8-9. The parties agree on the function but dispute the corresponding structure. Id. SecureAuth’s proposed structure uses the algorithm that StrikeForce itself proposed in PhoneFactor, and that the court adopted in that case. Ex. A (Rpt. & Rec. at 50-51). Despite proposing this algorithm in Delaware, StrikeForce now proposes different algorithms that contain only one step—namely, step 196 of Fig. 9C or step 208 of Figure 9D. These steps simply ask, “Does the DTMF Password Match?” (Step 196) or “Does the Speech Password Match?” (Step 208). Merely matching two pieces of data is not sufficient to accomplish the Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 26 of 31 Page ID #:2624 -22- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 function of “authenticating an accessor,” which is why StrikeForce itself previously identified the complete algorithm shown in steps 174-219 of Figures 9B- 9E. Ex. A (Rpt. & Rec. at 50-51). After step 196, for example, the flow chart continues with fourteen more steps before it finally “grants access” to the authenticated user. ’599 patent, 11:67-12:2. If the user was authenticated by step 196 alone, the flow chart would not include those fourteen subsequent steps. Relatedly, the specification does not “clearly link” step 196 or step 208, individually, to the full function of authenticating an accessor. Med. Instrumentation, 344 F.3d at 1211. At most, the specification links the authenticating function to the broader process shown in steps 174-219. StrikeForce also argues that the required algorithm may be found in the ’599 patent at “12:59-13:3 and/or 13:59-64.” D.I. 119-1 at 8-9. However, neither of these passages provides an algorithm to accomplish the authenticating function. Instead, they just name the function. ’599 patent, 12:59-13:3 (“The security system 340 authenticates the user”); 13:59-64 (“security system 440 now authenticates the user’s fingerprint”) (emphases added). That does not satisfy § 112, ¶ 6. Noah Systems, 675 F.3d at 1316-17. Thus, the Court should reject StrikeForce’s proposal and adopt SecureAuth’s proposal instead. 4. “Authentication Program” SecureAuth’s Proposed Construction StrikeForce’s Proposed Construction Same as “authentication program means” Plain and ordinary meaning SecureAuth proposes that the term “authentication program” in Claim 20 of the ’698 patent should have the same construction as the “authentication program means” addressed in the previous section. D.I. 119-1 at 9. StrikeForce disagrees, and argues that “authentication program” is not subject to § 112, ¶ 6. Claim 20 recites “an authentication program for authenticating access to the host computer.” ’698 patent, 15:41-43. Because the claim recites a function, it is subject to § 112, ¶ 6 unless it also recites structure sufficient to Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 27 of 31 Page ID #:2625 -23- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 perform that function. Williamson, 792 F.3d at 1349. But the only potential structure that claim 20 associates with the function is a “program,” and that is insufficient as a matter of law. Aristocrat, 521 F.3d at 1332-33 (holding that a computer with “appropriate programming” was not sufficient structure). Thus, the “authentication program means” is subject to § 112, ¶ 6. 5. “Component for Receiving” SecureAuth’s Proposed Construction StrikeForce’s Proposed Construction Function: receiving the transmitted data and comparing said transmitted data to predetermined data, such that, depending on the comparison of the transmitted and the predetermined data, said security computer outputs an instruction to the host computer to grant access to the host computer or deny access thereto. Structure: Control module 62 programmed to perform steps 188-196 as shown in FIG. 9C and described at 10:24-54 of the ’599 Patent, and steps 202-208 as shown in FIGS. 9C-9D and described at 11:1-31 of the ’599 Patent. Function: receiving the transmitted data and comparing said transmitted data to predetermined data Structure: ’698 patent at FIG. 9C, steps 188-196, 10:46-65, ’698 patent, FIGs. 9C-9D, steps 202-208; 11:24-55, and equivalents thereof, and/or software on security system 340/440, 13:15-38 and/or 14:12-20, and equivalents thereof. The parties agree that the “component for receiving” in Claim 54 of the ’698 patent is subject to § 112, ¶ 6. D.I. 119-1 at 10. However, the parties dispute the claimed function and the corresponding structure. Id. Function: StrikeForce’s proposal omits the part of the claimed function shown with emphasis in the table above, i.e., the “such that” clause. To support this proposed omission, StrikeForce may cite the Delaware court’s decision that found the omitted language was not part of the claimed function. Ex. A (Rpt. & Rec.) at 43. Specifically, the court concluded that the “such that” clause Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 28 of 31 Page ID #:2626 -24- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 described a separate function of the “security computer,” rather the “component for receiving.” Id. However, the court did not consider the Federal Circuit’s relevant holding in Noah Systems, 675 F.3d at 1313-14. The claim limitation at issue in Noah Systems included a “so that” clause, which is analogous to the “such that” clause in this case. Specifically, the claimed function in Noah Systems was “providing access to the file of the financial accounting computer for the first entity and/or agents of the first entity so that the first entity and/or the agent can perform one or more of the activities selected from the group consisting of entering, deleting, reviewing, adjusting and processing the data inputs.” Id. (emphasis in original). The court held that “there are really two functions recited, namely: (1) providing access to the file; and (2) once access is provided, enabling the performance of delineated operations.” Id. Just as the “so that” clause could not be ignored in Noah Systems, the “such that” clause cannot be ignored here. The corresponding structure for a § 112, ¶ 6 term must “perform all of the claimed functions.” Williamson, 792 F.3d at 1351-52. Applying Noah Systems to claim 54, the functions here include (1) “receiving the transmitted data,” (2) “comparing said transmitted data to predetermined data,” and (3) ensuring that “said security computer outputs an instruction to the host computer to grant access to the host computer or deny access thereto.” Structure: The parties agree that the “component for receiving” is implemented by the algorithms illustrated in steps 188-196 of Figure 9C, or steps 202-208 of Figures 9C-9D. D.I. 119-1 at 10. However, StrikeForce fails to identify the structure that carries out these algorithms. The relevant structure is control module 62, illustrated in Figure 3. See ’698 patent, 10:46-65; 11:24- 65 (describing how control module 62 performs the steps). The control module works together with the speech module 66, which is illustrated in Figure 5. Id. StrikeForce contends that the “component for receiving” could also be Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 29 of 31 Page ID #:2627 -25- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 implemented by “software on security system 340/440.” But a generic reference to “software” is insufficient as a matter of law. Aristocrat, 521 F.3d at 1332-33 (holding that a computer with “appropriate programming” was not sufficient structure). Following its reference to “software,” StrikeForce cites two passages of the ’698 patent but does not identify any algorithm that is allegedly disclosed in those passages. D.I. 119-1 at 10. At most, the passages restate part of the function recited in the claim. ’698 patent, 13:15-38, 14:12-20. But the passages never state how to perform the claimed function, so they do not provide a sufficient algorithm. See Noah Systems, 675 F.3d at 1316-17 (“This type of purely functional language, which simply restates the function associated with the means-plus-function limitation, is insufficient to provide the required corresponding structure.”); Williamson, 792 F.3d at 1351-52 (disclosure that repeats claimed function “does not set forth an algorithm”). Thus, StrikeForce’s proposed construction is incorrect and the Court should adopt SecureAuth’s proposed construction instead. D. “Multichannel Security System” and “Security System” If the Court does not adopt SecureAuth’s proposed construction of “security computer,” it should at least construe the preamble terms “multichannel security system” and “security system” to mean “a system that operates without reference to a host computer or any database in a network that includes the host computer”—just as the Delaware court construed them. Ex. A (Rpt. & Rec.) at 23-26. This construction incorporates the “out-of-band” definition from the ’297 Application, which limits the asserted claims for the reasons explained above in Part V.A. VI. CONCLUSION As explained above, the Court should adopt SecureAuth’s proposed constructions because they are all supported by the claims, specification, prosecution history, and controlling authority. Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 30 of 31 Page ID #:2628 -26- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 Respectfully submitted, KNOBBE, MARTENS, OLSON & BEAR, LLP Dated: October 30, 2017 By: /s/ Jon W. Gurka Jon W. Gurka Stephen W. Larson Jeremy A. Anapol Attorneys for Defendant SECUREAUTH CORPORATION 26850408 Case 2:17-cv-04314-JAK-SK Document 120 Filed 10/30/17 Page 31 of 31 Page ID #:2629