Reset A A Font size: Print

United States Court of Appeals, Federal Circuit.




Decided: March 27, 2017

Before NEWMAN, DYK, and TARANTO, Circuit Judges. TARANTO, Circuit Judge. BYRON LEROY PICKARD, Sterne Kessler Goldstein & Fox, PLLC, Washington, DC, argued for appellant. Also represented by LORI A. GORDON. MARC WADE VANDER TUIG, Senniger Powers LLP, St. Louis, MO, argued for cross-appellants. Also represented by ROBERT M. EVANS, JR.; HILDA C. GALVAN, Jones Day, Dallas, TX; GEOFFREY K. GAVIN, Atlanta, GA; JASON STEWART JACKSON, Kutak Rock LLP, Omaha, NE. Cross-appellant Commerce Bancshares, Inc. also represented by KYLE G. GOTTUSO, Senniger Powers LLP, St. Louis, MO. Cross-appellant Compass Bank also represented by MARK HOWLAND, Carrington Coleman Sloman & Blumenthal, Dallas, TX. JOEL ROBERT MERKIN, Kirkland & Ellis LLP, Chicago, IL, argued for appellee. Also represented by KENNETH R. ADAMO, EUGENE GORYUNOV, MEREDITH ZINANNI.

In two inter partes review proceedings, IPR2014-00682 and IPR2014-00801, the Patent Trial and Appeal Board determined that certain claims of U.S. Patent No. 6,715,084 were unpatentable. The patent owner, Intellectual Ventures II, LLC, appeals, arguing that the Board's determinations of unpatentability relied on an unreasonably broad construction of the claims. The petitioners in IPR2014-00801, Commerce Bancshares, Inc., Compass Bank, and First National Bank of Omaha (collectively, the Banks), cross-appeal the Board's rejection of their patent-ability challenge to claim 33 in that proceeding.

We affirm the Board's decision in IPR2014-00682. The affirmed holding of unpatentability applies to all of the claims at issue in the other proceeding, IPR2014-00801, including claim 33. We therefore dismiss the appeals from the Board's decision in IPR2014-00801 as moot.


The '084 patent describes and claims systems and methods for “broad scope” network-intrusion detection. According to the patent, conventional intrusion-detection systems analyzed data entering a single host or computer. '084 patent, col. 3, line 51 through col. 5, line 42. The invention analyzes data that has entered multiple hosts and computers, thereby enabling the detection of anomalies that would be more difficult or impossible to recognize by analyzing data from only a single host or computer. Id., col. 5, lines 44–56. The '084 patent issued from U.S. Patent Application No. 10/108,078 and claims a priority date of March 26, 2002.

Claim 26 is representative of the claims at issue. That claim recites: “A data collection and processing center comprising a computer with a firewall coupled to a computer network, the data collection and processing center monitoring data communicated to the network, and detecting an anomaly in the network using network-based intrusion detection techniques comprising analyzing data entering into a plurality of hosts, servers, and computer sites in the networked computer system.” '084 patent, col. 14, lines 18–25. Claims 28 and 30–33 depend from claim 26. '084 patent, col. 14, lines 33–37, 43–56.

In April 2014, International Business Machines Corp. (IBM) petitioned for inter partes review of various claims of the '084 patent. In May 2014, the Banks petitioned for inter partes review of all claims. The Board instituted review in two separate proceedings—for IBM, IPR2014-00682; for the Banks, IPR2014-00801. In both cases, the Board instituted review of claims 26, 28, and 30–33 and denied review of the remaining claims. See Int'l Bus. Mach. Corp. v. Intellectual Ventures II LLC, No. IPR2014-00682 (P.T.A.B. Oct. 30, 2014), Paper No. 11; Commerce Bancshares, Inc. v. Intellectual Ventures II LLC, No. IPR2014-00801 (P.T.A.B. Dec. 1, 2014), Paper No. 7. Only claims 26, 28, and 30–33 are at issue in the appeals before us.

In IBM's proceeding, IPR2014-00682, the Board concluded that the challenged claims would have been obvious over Phillip A. Porras & Alfonso Valdes, Live Traffic Analysis of TCP/IP Gateways, in Proc. 1998 ISOC Symp. on Network & Distributed Sys. Sec. 1 (1997) (Porras), in combination with William R. Cheswick & Steven M. Bellovin, Firewalls and Internet Security (1st ed. 1994) (Ex. 1008) (Cheswick). See Int'l Bus. Mach., No. IPR2014-00682 (P.T.A.B. Oct. 21, 2015), Paper No. 35 (IPR2014-00682 Decision). In relevant part, Porras describes a hierarchical system of “surveillance monitors” (or “modules”), one at the enterprise level, others at individual gateways. 16-1528 J.A. 680. “The enterprise monitor is identical to the individual gateway monitors (i.e., they use the same code base), except that it is configured to correlate activity reports produced by the gateway monitors. The enterprise monitor employs both statistical anomaly detection and signature analyses to further analyze the results produced by the distributed gateway surveillance modules, searching for commonalities or trends in the distributed analysis results.” Id. at 680–81.

In determining that the challenged claims would have been obvious, the Board rejected Intellectual Ventures' argument that the relevant claims of the '084 patent require the “data collection and processing center” to directly analyze some data that enters the network. Instead, the Board concluded, the claims in their broadest reasonable construction may be satisfied if the “data collection and processing center” indirectly analyzes data that enters the network by analyzing results of analyses conducted by other network devices that directly receive the data. Based on that construction, the Board concluded that the required claim elements are disclosed in Porras through its descriptions of “anomaly reports” and “analysis results” sent to a central server. See IPR2014-00682 Decision 15–16.

In the Banks' proceeding, IPR2014-00801, the Board instituted review only on the Banks' anticipation challenge based on U.S. Patent Application Publication No. 2003/0110392 (Aucsmith). In its Final Written Decision, the Board found that Aucsmith anticipated claims 26, 28, and 30–32 but not claim 33. Commerce Bancshares, No. IPR2014-00801 (P.T.A.B. Oct. 21, 2015), Paper No. 23.

Intellectual Ventures appeals the Board's determinations of unpatentability in both proceedings, principally on the basis of its rejected claim-construction argument. The Banks cross-appeal the Board's finding of no anticipation of claim 33 in the Banks' proceeding, IPR2014-00801. Because we conclude that the Board's decision in IBM's proceeding, IPR2014-00682, properly determines to be unpatentable all of the claims at issue in both proceedings, we address only that decision. We have jurisdiction under 28 U.S.C. § 1295(a)(4)(A).


In this case, claim construction is dispositive. Intellectual Ventures' challenge to the ruling in IBM's proceeding, IPR2014-00682, rests entirely on a claim-construction challenge. For the reasons we explain, we reject that challenge and therefore affirm the Board's cancellation of claims 26, 28, 30–33 in that proceeding. That affirmance moots the appeal in the Banks' proceeding, IPR2014-00801.

The Board adopts the broadest reasonable construction in a matter like this. Cuozzo Speed Techs., LLC v. Lee, 136 S. Ct. 2131, 2142–46 (2016). We review that construction de novo, because there was no factual evidence introduced that is pertinent to the construction. See Teva Pharm. USA, Inc. v. Sandoz, Inc., 135 S. Ct. 831, 840–42 (2015); D'Agostino v. MasterCard Int'l Inc., 844 F.3d 945, 988 (Fed. Cir. 2016).


Intellectual Ventures argues that the ordinary meaning of certain claim limitations—“monitoring data communicated to the network,” “detecting an anomaly in the network,” and “analyzing data entering into a plurality of hosts, servers and computer sites”—excludes systems in which other network devices, having received data, forward only anomaly reports or analysis results to the “data collection and processing center,” without forwarding any of the raw, system-entering data. We disagree. The claim language, given its broadest reasonable construction in light of the specification and the prosecution history, is not limited to direct data analysis.

Intellectual Ventures' position depends on the simple assertion that “analyzing data,” as an ordinary-language matter, is limited to directly examining the raw data. But Intellectual Ventures does not support that assertion with any specialized technical linguistic evidence or point to anything distinctive about the particular kind of “data” at issue here. Rather, it asks us simply to agree with its restrictive view of “analyzing data” based on our general familiarity with English.

We do not agree: the permissible ordinary usage of “analyzing data” is not limited to direct raw-data analysis. There is nothing unreasonable about saying, in a range of circumstances, that a person or computer “analyzes” data by analyzing information about the data rather than itself examining the raw data. Suppose that a central system relies on several agents each to collect a sample of data, to generate sample-size, mean, variance, or other information about its sample, and to send the information to the central system. It is reasonable to say that the central system, when it then directly analyzes the received information collectively, is analyzing the sample data. Such indirect analysis of the raw data is still analysis of the data.

The specification makes such usage a particularly reasonable one in the context of this patent. In one passage, the specification states that, in at least one embodiment, “certain devices can be used as sensors to sense data traffic and pass their findings on to the data collection and processing center,” suggesting that the invention is not limited to direct analysis. '084 patent, col. 7, lines 44–51. Intellectual Ventures' only response is to assert that the passage describes an unclaimed embodiment. But there is no basis for treating the specification passage as unclaimed except Intellectual Ventures' prior conclusion that the ordinary meaning of the claim language simply cannot include the described arrangement. That is just the conclusion, as just explained, we cannot accept.

Intellectual Ventures adds one contention based on the “detecting an anomaly” claim language: it says that the specification makes clear that “detecting” and “classifying” anomalies are distinct in a way that excludes indirect analysis of data. See '084 patent, col. 4, lines 4–6 (“Most of the reported anomalies are purely coincidental statistical exceptions and do not reflect actual security problems.”); col. 4, lines 25–28 (“Expert systems (also known as rule-based systems) have had some use in misuse detection, generally as a layer on top of anomaly detection systems for interpreting reports of anomalous behavior.”). The specification does not support the contention. The cited passages establish no more than that the claims include direct “detecting,” not that they exclude indirect “detecting” (which Intellectual Ventures characterizes as “classifying”). Moreover, in another passage, the specification implies that further analysis of “suspicious network traffic events” constitutes “detecting” an “anomaly,” suggesting that “detecting” is not limited to the initial determination of whether the data entering the network is statistically aberrational. '084 patent, col. 8, lines 22–31 (“The present invention uses a multi-stage technique in order to improve intrusion detection efficacy and obtain broader scope detection. First, suspicious network traffic events are collected (potentially in context) and forwarded to a central database and analysis engine, then the centralized engine uses pattern correlations across multiple customer's events in order to better determine the occurrence and sources of suspected intrusion-oriented activity prior to actually alarming.”).

Nothing else in the record compels a different result. Contrary to Intellectual Ventures' contention, the prosecution history suggests that the claimed systems differed from the prior art because they were limited to broad-scope detection, i.e., collecting data from multiple hosts, not because the claimed systems were limited to direct analysis of raw data. 16-1528 J.A. 1063 (“None of the cited prior art, on the other hand, discloses or suggests the use of network-based intrusion techniques on the analysis of data entering into a plurality of hosts, servers, and/or computer sites in the networked computer system ․”). And the relevant portions of the parties' expert declarations and deposition testimony merely recapitulate the parties' positions regarding the claim language and specification evidence. We therefore see no reason to disturb the Board's claim construction.


Intellectual Ventures does not argue that Porras fails to disclose the required claim elements under the Board's construction of the claims. We therefore affirm the Board's determination in IBM's proceeding, IPR2014-00682, that claims 26, 28, and 30–33 would have been obvious. The very same claims are at issue in the appeal from the Board's ruling in the Banks' proceeding, IPR2014-00801. Our affirmance of the Board's cancellation of those claims in IBM's proceeding leaves no live issue in the Banks' proceeding. We therefore dismiss the appeal and cross-appeal in IPR2014-00801. See Synopsys, Inc. v. Lee, 812 F.3d 1076, 1077–78 (Fed. Cir. 2016); 13C Charles Alan Wright et al., Federal Practice and Procedure § 3533.10 (3d ed. 2017) (“Among the circumstances that create mootness are rulings in other adjudicatory proceedings, including rulings by the same court in the same or companion proceedings ․”).


For the foregoing reasons, we affirm the Board's final written decision in IPR2014-00682 cancelling claims 26, 28, and 30–33. We dismiss Intellectual Ventures' appeal and the Banks' cross-appeal in IPR2014-00801 as moot.

Costs awarded to IBM and the Banks.


Copied to clipboard