Skip to main content

CUPP COMPUTING AS v. Katherine K. Vidal, Under Secretary of Commerce for Intellectual Property and Director of the United States Patent and Trademark Office, Intervenor

Reset A A Font size: Print

United States Court of Appeals, Federal Circuit.

CUPP COMPUTING AS, Appellant v. TREND MICRO INC., Appellee Katherine K. Vidal, Under Secretary of Commerce for Intellectual Property and Director of the United States Patent and Trademark Office, Intervenor

2020-2262, 2020-2263, 2020-2264

Decided: November 16, 2022

Before Dyk, Taranto, and Stark, Circuit Judges. Paul J. Andre, Kramer Levin Naftalis & Frankel LLP, Redwood Shores, CA, argued for appellant. Also represented by James R. Hannah; Cristina Martinez, Jeffrey Price, New York, NY. Robert Buergi, DLA Piper LLP (US), East Palo Alto, CA, argued for appellee. Also represented by Mark D. Fowler; Stanley Joseph Panikowski, III, San Diego, CA. Michael S. Forman, Office of the Solicitor, United States Patent and Trademark Office, Alexandria, VA, argued for intervenor. Also represented by Sarah E. Craven, Thomas W. Krause, Farheena Yasmeen Rasheed.

CUPP Computing AS (“CUPP”) appeals three inter partes review (“IPR”) decisions of the Patent Trial and Appeal Board (“Board”) concluding that petitioner Trend Micro Inc. had shown challenged claims in CUPP's U.S. Patents Nos. 8,631,488 (“'488 patent”), 9,106,683 (“'683 patent”), and 9,843,595 (“'595 patent”) unpatentable as obvious over two prior art references: U.S. Patent No. 7,818,803 (“Gordon”) and U.S. Patent App. Pub. No. 2010/0218012 A1 (“Joseph”). We affirm.


The three patents at issue, which share a common name and priority date, address the problem of malicious attacks aimed at mobile devices. See J.A. 362, 400, 438. They generally concern systems and methods for waking a mobile device from a power-saving mode and then performing security operations on the device, “such as scanning a storage medium for malware, or updating security applications.” J.A. 53.

There are two issues on appeal. First, an issue of claim construction that applies to each of the three patents. And second, an issue unique to the '595 patent: whether substantial evidence supports the Board's finding that either Joseph or Gordon renders obvious a claimed “security agent” on a mobile device, which “perform[s] security services.” '595 patent, col. 31, ll. 38–40 & col. 32, ll. 41–43.

The contested claim construction involves the limitation concerning a “security system processor,” which appears in every independent claim in the patents. See '488 patent, col. 30, ll. 37–40 & col. 31, ll. 10–13 & col. 32, ll. 18– 20; see also '595 patent, col. 31, ll. 25–26 & col. 32, ll. 44– 46; '683 patent, col. 30, ll. 37–40 & col. 31, ll. 5–7 & col. 32, ll. 15–18. Claim 10 of the '488 patent is illustrative:

10. A mobile security system, comprising:

a mobile security system processor;

a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device;

security instructions; and

a security engine configured to:

detect using the mobile security system processor a wake event;

provide a wake signal to the mobile device, the mobile device having a mobile device processor different than the mobile security system processor, the wake signal being in response to the wake event and adapted to wake at least a portion of the mobile device from a power management mode; and

after providing the wake signal to the mobile device, executing the security instructions using the mobile security system processor to manage security services configured to protect the mobile device.

'488 patent, col. 31, ll. 1–19 (security system processor limitation emphasized); see also '595 patent, col. 31, ll. 14–51; '683 patent, col. 30, ll. 35–46.1

In March 2019, Trend Micro petitioned the Board for inter partes review of several claims in the '488, '683, and '595 patents, arguing that the claims were unpatentable as obvious. As relevant here, Trend Micro relied on Gordon and Joseph individually to show that all challenged claims would have been obvious, including the claims' security system processor limitation. CUPP responded that the security system processor limitation required that the security system processor be “remote” from the mobile device processor, and that neither Gordon nor Joseph disclosed this limitation because both taught a security processor bundled within a mobile device. CUPP further contended that the '595 patent claims' “security agent” located on the mobile device, which “perform[s] security services,” was not disclosed in the prior art. '595 patent, col. 31, ll. 14–51 & col. 32, ll. 29–63.

The Board instituted review and, in three final written decisions, found all the challenged claims obvious over the prior art. “[C]onstruing the claim[s] in accordance with the[ir] ordinary and customary meaning ․ as understood by one of ordinary skill in the art,” 37 C.F.R. § 42.100(b), the Board held that the challenged claims did not require that the security system processor be remote from the mobile device processor. The Board was also persuaded that the '595 patent's “security agent” element was obvious over either Gordon or Joseph. CUPP appealed.

Following the Supreme Court's decision in United States v. Arthrex, Inc., ––– U.S. ––––, 141 S. Ct. 1970, 210 L.Ed.2d 268 (2021), we remanded the case to give CUPP an opportunity to request rehearing of the final written decisions from the Director of the United States Patent and Trademark Office, while retaining jurisdiction over the appeal. CUPP took that opportunity, and the Acting Director denied the requests. CUPP renewed its appeal. We have jurisdiction under 28 U.S.C. § 1295(a)(4)(A).


“A patent may not be obtained ․ if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art ․” 35 U.S.C. § 103(a) (2008).2 “In reviewing the Board's determination on the question of obviousness, we review the Board's legal conclusions de novo and its factual findings for substantial evidence.” Becton, Dickinson & Co. v. Baxter Corp. Englewood, 998 F.3d 1337, 1339 (Fed. Cir. 2021) (internal quotation marks, citation, and alterations omitted).

In IPR proceedings the Board now applies the Phillips claim construction standard governing federal courts. See 37 C.F.R. § 42.100(b); Phillips v. AWH Corp., 415 F.3d 1303 (Fed. Cir. 2005) (en banc); Polaris Innovations Ltd. v. Brent, 48 F.4th 1365, 1372 n.3 (Fed. Cir. 2022).


We begin with the security system processor limitation.3 CUPP argues that the claims require that the security system processor be separate and remote from the mobile device. It relies on the language of the claims, the specification, and disclaimers made during the original examination and IPR proceedings.


The security system processor limitation requires that “the mobile device hav[e] a mobile device processor different than the mobile security system processor.” '488 patent, col. 31, ll. 10–12; see also '683 patent, col. 31, ll. 6–8 (same); '595 patent, col. 31, ll. 25–26 (“a security system processor being different than the mobile device processor”).

As the Board properly concluded, the fact that the security system processor is “different” than the mobile device processor does not suggest that the two processors are remote from one another. In ordinary usage, “different” simply means “dissimilar,” see J.A. 12 (quoting general-purpose dictionaries), and CUPP has given us no reason to apply a more specialized meaning to the word here. See also Webster's Third New International Dictionary 630 (2002) (defining “different” to mean “partly or totally unalike in nature, form, or quality ․ having at least one property not possessed by another”); Phillips, 415 F.3d at 1314 (when “the ordinary meaning of claim language as understood by a person of skill in the art may be readily apparent even to lay judges ․ general purpose dictionaries may be helpful”). A feature need not be remote from another feature to be “different.” So two processors may be different from one another and yet both be embedded in a single device.

The specification explicitly recognizes as much. In one “preferred embodiment[ ]” of the invention, '488 patent, col. 30, ll. 9–10, “the mobile security system ․ may be incorporated within the mobile device.” Id., col. 8, ll. 16–17 (emphasis added); see also '595 patent, col. 30, ll. 55–56 & col. 8, ll. 38–39 (same); '683 patent, col. 30, ll. 9–10 & col. 8, ll. 17–18 (same). We require “highly persuasive” evidence to read claims as excluding a preferred embodiment of the invention. Vitronics Corp. v. Conceptronic, Inc., 90 F.3d 1576, 1583–84 (Fed. Cir. 1996). Indeed, “a claim interpretation that excludes a preferred embodiment from the scope of the claim is rarely, if ever, correct.” Accent Packaging, Inc. v. Leggett & Platt, Inc., 707 F.3d 1318, 1326 (Fed. Cir. 2013) (citation omitted). As we have said, “[t]he only meaning that matters in claim construction is the meaning in the context of the patent.” Trustees of Columbia Univ. v. Symantec Corp., 811 F.3d 1359, 1363 (Fed. Cir. 2016). Here, the specification strongly suggests that “different” does not mean “remote,” and nothing in the claims requires otherwise.

CUPP responds that, because at least independent claims in the '488 and '595 patents require the security system to send a wake signal “to” the mobile device, and “communicate with” the mobile device, the system (and its processor) must be remote from the mobile device processor. '595 patent, col. 31, ll. 14–51; '488 patent, col. 31, ll. 2– 15 (teaching that the security system can “communicat[e] with the mobile device”). That conclusion is reinforced, CUPP says, because in some claims the security system communicates “with the mobile device” via a “data port.” '488 patent, col. 31, ll. 2–5; see also '683 patent, col. 31, ll. 3–5 (same); '595 patent, col. 31, ll. 16–18 (disclosing that the security system's “communication interface [is] configured to communicate with a mobile device”). CUPP relies in addition on language in the '595 patent that there be a “communication interface” as suggesting that the mobile device must be in communication with an external device. '595 patent, col. 31, ll. 16–18.

We are not persuaded. The Board properly construed the security system processor limitation in line with the specification. Just as a person can send an email to him- or herself, and an employee can communicate with the entity that employs that person, a unit of a mobile device can send a signal “to,” or “communicate with,” the device of which it is a part. Nor does the fact that some claims mention a “data port” suggest otherwise. The dependent claims in the '595 patent teach that the security system's “communication interface” can communicate with the mobile device via “an external port” or “an internal port.” '595 patent, col. 31, ll. 55–60. And extrinsic evidence does not overcome the intrinsic evidence. To the contrary, the record includes extrinsic evidence further supporting the conclusion that a person of skill in the art around the time of the patents' effective filing date would read “port” to include internal ports. J.A. 2183, 2184, 2193, 2214. The claims' reference to the security system's communication with the mobile device thus does not exclude communication via an internal port.



CUPP argues that, because it disclaimed a non-remote security system processor during the initial examination of one of the patents at issue, the Board's construction is erroneous. The Board properly rejected that argument.

During prosecution of the '683 patent, the Patent Office examiner found all claims in the application obvious in light of the prior art, relying on U.S. Patent App. Pub. No. 2010/0195833 Al (“Priestley”) to show that the security system processor limitation was disclosed in the prior art. The examiner found that Priestley taught a mobile security system, called a Trusted Platform Module (“TPM”), different than a mobile device processor. According to the examiner, the TPM in Priestley is usually “implemented as an additional stand-alone chip attached to a PC motherboard” and “may be implemented in hardware or software.” Trend Micro Inc. v. CUPP Computing AS, IPR2019-00764, Ex. 2001 at 127. As such, the “use of separate security processors would be an obvious interchangeable variation of the underlying hardware.” Id. CUPP's response to the examiner could be read to say, inter alia, that if the TPM “were implemented as a stand-alone chip attached to a PC motherboard,” it would be “part of the motherboard of the mobile devices” rather than being a separate processor. J.A. 3578. The TPM would therefore not constitute “a mobile security system processor different from a mobile system processor.” Id. The examiner allowed the claims.

“The doctrine of prosecution disclaimer precludes patentees from recapturing through claim interpretation specific meanings disclaimed during prosecution.” Mass. Inst. of Tech. v. Shire Pharms., Inc., 839 F.3d 1111, 1119 (Fed. Cir. 2016) (ellipsis, alterations, and citation omitted). However, a patentee will only be bound to a “disavowal [that was] both clear and unmistakable.” Id. (citation omitted). Thus, where “the alleged disavowal is ambiguous, or even amenable to multiple reasonable interpretations, we have declined to find prosecution disclaimer.” Avid Tech., Inc. v. Harmonic, Inc., 812 F.3d 1040, 1045 (Fed. Cir. 2016) (internal quotation marks and citation omitted).

CUPP's purported disclaimer did not unmistakably renounce security system processors embedded in a mobile device. CUPP asserted that, because the TPM could be part of the mobile device's motherboard, Priestley did not disclose a security system processor different than a mobile device processor. Under one plausible reading, CUPP's point was that Priestley failed to teach different processors because the TPM lacks a distinct processor. Under this interpretation, if the TPM were “a stand-alone chip attached to a ․ motherboard,” it would rely on the motherboard's processor, and not have its own different processor. J.A. 3578. CUPP's comment to the examiner is therefore consistent with it retaining claims to security system processors embedded in a mobile device with a separate processor. As the Board properly held, this reading is a “reasonable interpretation[ ]” that defeats CUPP's assertion of prosecutorial disclaimer. Avid Tech., Inc., 812 F.3d at 1045 (citation omitted); see also J.A. 20–22.


CUPP finally contends that the Board erred by rejecting CUPP's disclaimer in the IPRs themselves, disavowing a security system processor embedded in a mobile device. For support, CUPP cites our decision in Aylus Networks, Inc. v. Apple Inc., 856 F.3d 1353 (Fed. Cir. 2017), for the proposition that patentee disclaimers during IPRs effectively narrow claim scope. The Board concluded that it could ignore this disavowal in construing the claims. We agree.

Aylus is of no help to CUPP. Aylus says only that a patentee's disclaimer during an IPR can bind the patentee to a narrower claim interpretation in a subsequent proceeding, in that case a district court infringement proceeding. See Aylus, 856 F.3d at 1355, 1361. The rule in Aylus “ensure[s] that claims are not argued” by the patentee “one way in order to maintain [the claims'] patentability and in a different way against accused infringers.” Id. at 1360. The case says nothing about whether a patentee's disavowal is binding in the very proceeding in which it is made.

We now make precedential the straightforward conclusion we drew in an earlier nonprecedential opinion: “[T]he Board is not required to accept a patent owner's arguments as disclaimer when deciding the merits of those arguments.” VirnetX Inc. v. Mangrove Partners Master Fund, Ltd., 778 F. App'x 897, 910 (Fed. Cir. 2019). A rule permitting a patentee to tailor its claims in an IPR through argument alone would substantially undermine the IPR process. Congress designed inter partes review to “giv[e] the Patent Office significant power to revisit and revise earlier patent grants,” thus “protect[ing] the public's paramount interest in seeing that patent monopolies are kept within their legitimate scope.” Cuozzo Speed Techs., LLC v. Lee, 579 U.S. 261, 272, 279–80, 136 S.Ct. 2131, 195 L.Ed.2d 423 (2016) (internal quotation marks, citation, ellipses, and alterations omitted). If patentees could shapeshift their claims through argument in an IPR, they would frustrate the Patent Office's power to “revisit” the claims it granted, and require focus on claims the patentee now wishes it had secured. See also Oil States Energy Servs., LLC v. Greene's Energy Grp., LLC, ––– U.S. ––––, 138 S. Ct. 1365, 1373, 200 L.Ed.2d 671 (2018) (emphasis altered) (“[T]he decision to grant a patent is a matter involving ․ the grant of a public franchise. Inter partes review is simply a reconsideration of that grant.”).

To be clear, a disclaimer in an IPR proceeding is binding in later proceedings, whether before the PTO or in court. See Aylus, 856 F.3d at 1361. We hold only that a disclaimer is not binding on the PTO in the very IPR proceeding in which it is made, just as a disclaimer in a district court proceeding would not bind the district court in that proceeding. This follows from the adjudicatory nature of IPR proceedings as contrasted with initial examination. See SAS Inst., Inc. v. Iancu, ––– U.S. ––––, 138 S. Ct. 1348, 1353, 200 L.Ed.2d 695 (2018) (contrasting the “inquisitorial process between patent owner and examiner [in] the initial Patent Office examination” from the IPR process, which “looks a good deal more like civil litigation”).

Moreover, Congress created a specialized process for patentees to amend their claims in an IPR. CUPP's proposed rule would render that process unnecessary because the same outcome could be achieved by disclaimer. See 35 U.S.C. § 316(d).

Nullifying Congress's amendment process would be particularly perverse because Congress protected the public in ways that CUPP's disclaimer rule would not. Congress gave accused infringers “intervening rights” protection for substantively amended claims, ensuring that such claims have only prospective effect. See id. §§ 318(c), 252. CUPP nowhere suggests that such intervening rights protections apply to claims effectively modified by disclaimer. See Marine Polymer Techs., Inc. v. HemCon, Inc., 672 F.3d 1350, 1362–63 (Fed. Cir. 2012) (en banc). Allowing patentees to modify their claims by disclaimer would thus effectively allow retrospective amendment in the IPR process. And because IPR petitioners can challenge existing claims only for non-compliance with §§ 102 or 103 of the Patent Act, see 35 U.S.C. § 311(b), under CUPP's proposal a patentee could modify a claim free of scrutiny for compliance with other patentability requirements, such as § 101. The amendment process carries no such risk. See Uniloc 2017 LLC v. Hulu, LLC, 966 F.3d 1295, 1303–04 (Fed. Cir. 2020) (the Board “is permitted to review and deny proposed substitute claims during IPR proceedings for patent ineligibility pursuant to § 101”). In brief, if patent owners could freely modify their claims by argument in an IPR, they could avoid the public-protecting amendment process that Congress prescribed. That cannot be. Disclaimers in an IPR proceeding are not binding in the proceeding in which they are made.


CUPP contends that the Board lacked substantial evidence to find the challenged claims in the '595 patent obvious. We disagree.

Unlike the '488 or '683 patents, the '595 patent claims a “security agent” on the mobile device. '595 patent, col. 31, ll. 38–40 & col. 32, ll. 41–43. The security agent can “receive [a] wake signal” from the security system processor and then “perform security services.” Id. at col. 31, ll. 34–40. The parties refer to this limitation as the “security agent limitation.” Before the Board, CUPP argued that the security agent limitation was not obvious because neither Gordon nor Joseph disclosed a corresponding component. The Board held that CUPP had not made this argument in its papers, and so had waived, i.e., forfeited it. And it found that, in any event, the limitation was obvious over either piece of prior art.

Because the Board's merits finding as to Gordon was supported by substantial evidence, we need not decide whether its forfeiture determination was an abuse of discretion, nor consider CUPP's argument regarding Joseph.

The Board found that Gordon disclosed components corresponding to the '595 patent's security agent and security system processor. Gordon describes a “host agent” on a mobile device that can undertake tasks such as “initiat[ing] a data delete process, a program update or an encryption key change.” Gordon, col. 15, ll. 52–53, J.A. 1915. The host agent can act “in coordination with” another unit known as the “security module” which contains a “firmware agent.” Id. at col. 3, ll. 36–64, J.A. 1909; see also id. at Fig. 1, J.A. 1903. In one embodiment, the firmware agent can “wake-up the host so that a data protection measure can be invoked.” Id. at col. 4, ll. 61–64, J.A. 1909. The Board concluded that Gordon disclosed a security system processor (the processor running the firmware agent) that can wake up a security agent (the host agent) to perform security services, rendering the security agent limitation obvious.

That conclusion was supported by substantial evidence. As the Board found, Gordon's host agent performs security services. The host agent can be instructed to “initiate a data delete process, a program update or an encryption key change.” Gordon, col. 15, ll. 52–53, J.A. 1915. Trend Micro's expert confirmed that several of these procedures are security services. See Jakobsson Declaration ¶ 152, J.A. 5748–49. And like the security agent in the '595 patent, the host agent appears to perform such services after receiving a wake-up call from another entity. See Gordon, col. 4, ll. 61–64, J.A. 1909 (“[T]he firmware agent [can] wake-up the host so that a data protection measure can be invoked.”).

CUPP also argues that the Board's conclusion in the '595 final written decision conflicts with its decisions regarding the '488 and '683 patents. The Board adequately explained why its findings are consistent. In the '488 and '683 patents, the security system processor “manage[s]” security services. '488 patent, col. 30, ll. 34–47 (emphasis added); '683 patent, col. 31, ll. 2–15 (same). The Board found that Gordon's security module and its firmware agent taught this function. See J.A. 41–44, 139–141. In the '488 and '683 patents, the feature that performs security services is not identified. See '488 patent, col. 30, ll. 34–47; '683 patent, col. 31, ll. 2–15. In the '595 patent, the security agent “perform[s]” security services. '595 patent, col. 31, ll. 38–39 (emphasis added). So too, the Board found, does the host agent in Gordon. See J.A. 90–91. There is no contradiction between saying that elements in Gordon (the security module and its firmware agent) manage security services and another element (the host agent) performs them.


The Board properly construed the challenged claims, and its decisions were supported by substantial evidence. We affirm.4



1.   The '595 patent omits the word “mobile” as a modifier to “security system processor.” '595 patent, col. 31, ll. 25–26 & col. 32, ll. 44–46. This omission has no significance for present purposes. We generally refer to this component as the security system processor.

2.   Though Congress amended § 103 in the Leahy-Smith America Invents Act (“AIA”), Pub. L. No. 112-29, sec. 3(c), § 103, 125 Stat. 284, 287 (2011), all claims at issue here have an effective filing date before March 16, 2013, and so are evaluated under the pre-AIA version of § 103. See Becton, Dickinson & Co. v. Baxter Corp. Englewood, 998 F.3d 1337, 1339 n.2 (Fed. Cir. 2021).

3.   Because the Board's reasoning was identical in this respect in all three final written decisions, and CUPP does not suggest the existence of material differences among those decisions, we here cite only to the final written decision concerning the '488 patent, Trend Micro Inc. v. CUPP Computing AS, IPR2019-00764 (P.T.A.B. Aug. 25, 2020).

4.   In its briefing, CUPP argues that the Acting Director's denial of the company's rehearing requests was invalid because he assertedly was not a principal officer under the Constitution. Our decision in Arthrex, Inc. v. Smith & Nephew, Inc., 35 F.4th 1328, 1335–40 (Fed. Cir. 2022), forecloses this argument, as CUPP conceded at oral argument. See Oral Arg. at 11:47–12:00.

Dyk, Circuit Judge.

Copied to clipboard