Case 1:23-cv-00758-JLH Document 112 Filed 07/25/24 Page 1 of 27 PageID #: 2192
`
`
`
`IN THE UNITED STATES DISTRICT COURT
`FOR THE DISTRICT OF DELAWARE
`
`
`ORCA SECURITY LTD.,
`
`
`Plaintiff,
`
`
`
`v.
`
`
`WIZ, INC.,
`
`
`
`
`Defendant.
`
`
`
`
`
`C.A. No. 23-758 (JLH)
`
`
`
`)
`)
`)
`)
`)
`)
`)
`)
`)
`
`ORCA SECURITY LTD.’S OPENING BRIEF IN SUPPORT OF ITS MOTION TO
`DISMISS WIZ, INC.’S COUNTERCLAIM COUNT IV
`UNDER FED. R. CIV. P. 12(b)(6)
`
`
`
`
`
`
`
`OF COUNSEL:
`
`Douglas E. Lumish
`Lucas Lonergan
`LATHAM & WATKINS LLP
`140 Scott Drive
`Menlo Park, CA 94025
`(650) 328-4600
`
`Blake R. Davis
`Peter Hoffman
`LATHAM & WATKINS LLP
`505 Montgomery Street, Suite 2000
`San Francisco, CA 94111
`(415) 391-0600
`
`Kristina D. McKenna
`Christopher Henry
`LATHAM & WATKINS LLP
`200 Clarendon Street
`Boston, MA 02116
`(617) 948-6000
`
`July 25, 2024
`
`MORRIS, NICHOLS, ARSHT &TUNNELL LLP
`Jack B. Blumenfeld (#1014)
`Rodger D. Smith II (#3778)
`Cameron P. Clark (#6647)
`1201 North Market Street
`P.O. Box 1347
`Wilmington, DE 19899-1347
`(302) 658-9200
`jblumenfeld@morrisnichols.com
`rsmith@morrisnichols.com
`cclark@morrisnichols.com
`
`Attorneys for Plaintiff Orca Security Ltd.
`
`
`
`Ryan Thomas Banks
`LATHAM & WATKINS LLP
`650 Town Center Drive, 20th Floor
`Costa Mesa, CA 92626
`(714) 540-1235
`
`Nicole Elena Bruner
`LATHAM & WATKINS LLP
`555 Eleventh Street, NW, Suite 1000
`Washington, DC 20004
`(202) 637-2200
`
`
`
`
`

`

`Case 1:23-cv-00758-JLH Document 112 Filed 07/25/24 Page 2 of 27 PageID #: 2193
`
`
`
`I.
`
`II.
`
`TABLE OF CONTENTS
`
`Page
`
`NATURE AND STAGE OF PROCEEDINGS .................................................................. 1
`
`SUMMARY OF THE ARGUMENT ................................................................................. 1
`
`III.
`
`STATEMENT OF FACTS ................................................................................................. 3
`
`A.
`
`The ’549 Patent ....................................................................................................... 3
`
`1.
`
`2.
`
`The ’549 Patent Specification ..................................................................... 3
`
`The ’549 Patent Claims ............................................................................... 5
`
`IV.
`
`LEGAL STANDARDS ...................................................................................................... 6
`
`A.
`
`B.
`
`Motions To Dismiss Under Rule 12(b)(6) .............................................................. 6
`
`Patent Eligibility Under 35 U.S.C. § 101................................................................ 6
`
`V.
`
`ARGUMENT ...................................................................................................................... 7
`
`A.
`
`Alice Step One: The Claims Are Directed to An Abstract Idea .............................. 7
`
`1.
`
`2.
`
`The Independent Claims are Directed to An Abstract Idea ........................ 8
`
`The Dependent Claims Are Equally Abstract ........................................... 13
`
`B.
`
`Alice Step Two: The Claims Add Nothing Inventive to the Abstract Idea ........... 15
`
`1.
`
`2.
`
`The ’549 Independent Claims Add Nothing Inventive ............................. 15
`
`The Dependent Claims Add Nothing Inventive ........................................ 17
`
`C.
`
`There Is No Reason to Delay Finding the Claims Ineligible ................................ 18
`
`VI.
`
`CONCLUSION ................................................................................................................. 20
`
`
`
`i
`
`

`

`Case 1:23-cv-00758-JLH Document 112 Filed 07/25/24 Page 3 of 27 PageID #: 2194
`
`
`
`Cases
`
`TABLE OF AUTHORITIES
`
`
`
`Page(s)
`
`Aatrix Software, Inc. v. Green Shades Software, Inc.,
`882 F.3d 1121 (Fed. Cir. 2018)................................................................................................20
`
`Affinity Labs of Tex., LLC v. DIRECTV, LLC,
`838 F.3d 1253 (Fed. Cir. 2016)................................................................................................14
`
`AI Visualize, Inc. v. Nuance Commc’ns, Inc.,
`97 F.4th 1371 (Fed. Cir. 2024) ............................................................................................6, 11
`
`Alice Corp. v. CLS Bank International,
`573 U.S. 208 (2014) ......................................................................................................... passim
`
`Bascom Glob. Internet Servs., Inc. v. AT&T Mobility, LLC,
`827 F.3d 1341 (Fed. Cir. 2016)................................................................................................17
`
`Beteiro, LLC v. DraftKings Inc.,
`104 F.4th 1350 (Fed. Cir. 2024) ................................................................................6, 7, 16, 19
`
`BSG Tech LLC v. Buyseasons, Inc.,
`899 F.3d 1281 (Fed. Cir. 2018)........................................................................................ passim
`
`Cellspin Soft, Inc. v. Fitbit, Inc.,
`927 F.3d 1306 (Fed. Cir. 2019)................................................................................................20
`
`Chamberlain Grp., Inc. v. Techtronic Indus. Co.,
`935 F.3d 1341 (Fed. Cir. 2019)................................................................................................15
`
`ChargePoint, Inc. v. SemaConnect, Inc.,
`920 F.3d 759 (Fed. Cir. 2019)....................................................................................................8
`
`Chewy, Inc. v. IBM Corp.,
`94 F.4th 1354 (Fed. Cir. 2024) ..............................................................................11, 14, 16, 18
`
`Content Extraction & Transmission LLC v. Wells Fargo Bank, Nat’l Ass’n,
`776 F.3d 1343 (Fed. Cir. 2014)....................................................................................14, 15, 19
`
`cxLoyalty, Inc. v. Maritz Holdings Inc.,
`986 F.3d 1367 (Fed. Cir. 2021)................................................................................................14
`
`Elec. Commc’n Techs., LLC v. ShoppersChoice.com, LLC,
`958 F.3d 1178 (Fed. Cir. 2020)................................................................................................19
`
`ii
`
`

`

`Case 1:23-cv-00758-JLH Document 112 Filed 07/25/24 Page 4 of 27 PageID #: 2195
`
`
`
`Elec. Power Grp., LLC v. Alstom S.A.,
`830 F.3d 1350 (Fed. Cir. 2016)....................................................................................11, 14, 18
`
`Enfish, LLC v. Microsoft Corp.,
`822 F.3d 1327 (Fed. Cir. 2016)................................................................................................13
`
`Ericsson Inc. v. TCL Comm’n Tech. Holdings Ltd.,
`955 F.3d 1317 (Fed. Cir. 2020)................................................................................................10
`
`FairWarning IP, LLC v. Iatric Sys., Inc.,
`839 F.3d 1089 (Fed. Cir. 2016)....................................................................................10, 12, 14
`
`Hyper Search, LLC v. Facebook, Inc.,
`C.A. No. 17-1387-CFC-SRF, 2018 WL 6617143 (D. Del. Dec. 17, 2018) ............................17
`
`IBM Corp. v. Zillow Group,
`50 F.4th 1371 (Fed. Cir. 2022) ................................................................................2, 11, 18, 20
`
`Intell. Ventures I LLC v. Capital One Bank (USA),
`792 F.3d 1363 (Fed. Cir. 2015)....................................................................................12, 17, 18
`
`Intell. Ventures I LLC v. Erie Indem. Co.,
`850 F.3d 1315 (Fed. Cir. 2017)................................................................................................16
`
`Intellectual Ventures I LLC v. Symantec Corp.,
`838 F.3d 1307 (Fed. Cir. 2016)........................................................................................ passim
`
`Interval Licensing LLC v. AOL, Inc.,
`896 F.3d 1335 (Fed. Cir. 2018)................................................................................................20
`
`James v. City of Wilkes-Barre,
`700 F.3d 675 (3d Cir. 2012).......................................................................................................6
`
`Neochloris, Inc. v. Emerson Process Mgmt. LLLP,
`140 F. Supp. 3d 763 (N.D. Ill. 2015) .......................................................................................17
`
`OIP Techs., Inc. v. Amazon.com, Inc.,
`788 F.3d 1359 (Fed. Cir. 2015)................................................................................................14
`
`PersonalWeb Techs. LLC v. Google LLC,
`8 F.4th 1310 (Fed. Cir. 2021) ..................................................................................9, 10, 16, 18
`
`Quad City Pat., LLC v. Zoosk, Inc.,
`498 F. Supp. 3d 1178 (N.D. Cal. 2020) ...................................................................................17
`
`Recentive Analytics, Inc. v. Fox Corp.,
`692 F. Supp. 3d 438 (D. Del. 2023) .........................................................................................17
`
`iii
`
`

`

`Case 1:23-cv-00758-JLH Document 112 Filed 07/25/24 Page 5 of 27 PageID #: 2196
`
`
`
`RecogniCorp, LLC v. Nintendo Co., Ltd.,
`855 F.3d 1322 (Fed. Cir. 2017)................................................................................................11
`
`Sanderling Mgmt. Ltd. v. Snap Inc.,
`65 F.4th 698 (Fed. Cir. 2023) ..............................................................................................6, 19
`
`SAP Am., Inc. v. InvestPic, LLC,
`898 F.3d 1161 (Fed. Cir. 2018)........................................................................................ passim
`
`Simio, LLC v. FlexSim Software Products, Inc.,
`983 F.3d 1353 (Fed. Cir. 2020)........................................................................................ passim
`
`Trading Techs. Int’l, Inc. v. IBG LLC,
`921 F.3d 1084 (Fed. Cir. 2019)..........................................................................................11, 14
`
`Trinity Info Media, LLC v. Covalent, Inc.,
`72 F.4th 1355 (Fed. Cir. 2023) ......................................................................................8, 10, 16
`
`Two-Way Media Ltd. v. Comcast Cable Commc’ns, LLC,
`874 F.3d 1329 (Fed. Cir. 2017)......................................................................................7, 11, 18
`
`Univ. of Fla. Rsch. Found., Inc. v. Gen. Elec. Co.,
`916 F.3d 1363 (Fed. Cir. 2019)..................................................................................................9
`
`Universal Secure Registry LLC v. Apple Inc.,
`10 F.4th 1342 (Fed. Cir. 2021) ..............................................................................12, 15, 16, 19
`
`Vehicle Intel. & Safety LLC v. Mercedes-Benz USA, LLC,
`635 F. App’x 914 (Fed. Cir. 2015) ..........................................................................................17
`
`Rules and Statutes
`
`35 U.S.C. § 101 ..................................................................................................................1, 6, 7, 19
`
`Fed. R. Civ. P. 12(b)(6)..........................................................................................................1, 6, 18
`
`
`
`iv
`
`

`

`Case 1:23-cv-00758-JLH Document 112 Filed 07/25/24 Page 6 of 27 PageID #: 2197
`
`
`
`I.
`
`NATURE AND STAGE OF PROCEEDINGS
`
`Plaintiff and Counterclaim-Defendant Orca Security Ltd. (“Orca”) alleges that
`
`Defendant and Counterclaim-Plaintiff Wiz, Inc. (“Wiz”) infringes six patents: U.S. Patent
`
`Nos. 11,663,031, 11,663,032, 11,693,685, 11,726,809, 11,740,926, and 11,775,326. D.I. 15
`
`(Second Amended Complaint). On November 21, 2023, Wiz filed a Motion to Dismiss Orca’s
`
`claims of indirect and willful infringement (D.I. 17, 18), which the Court denied on May 21, 2024.
`
`D.I. 65. On June 4, 2024, Wiz filed counterclaims, alleging that Orca infringes U.S. Patent
`
`Nos. 11,722,554, 11,929,896, 11,936,693, 12,001,549 (“’549 patent”), and 12,003,529. D.I. 70
`
`at 37-147 (“CC”). Orca now moves to dismiss Counterclaim Count IV (CC ¶¶ 89-108) under
`
`Rule 12(b)(6) because the ’549 patent lacks patent-eligible subject matter under 35 U.S.C. § 101
`
`and Alice Corp. v. CLS Bank International, 573 U.S. 208 (2014).
`
`II.
`
`SUMMARY OF THE ARGUMENT
`
`1.
`
`The Court should hold that Wiz’s ’549 patent claims (asserted in
`
`Counterclaim Count IV) are ineligible for patent protection under § 101 and grant Orca’s motion
`
`to dismiss with prejudice. In Alice, the Supreme Court set forth its two-step test for determining
`
`whether computer implemented patent claims are eligible under § 101, which is a threshold
`
`requirement for any patent suit. Under Alice, computer implemented claims are ineligible if they
`
`(i) are directed to an abstract idea and (ii) add nothing inventive to that abstract idea. Wiz’s ’549
`
`patent claims fail that test.
`
`2.
`
`At Alice step one, the claims are directed to the abstract idea of retrieving,
`
`contextualizing, querying, and responding to cybersecurity threat information. The ’549 patent
`
`addresses a human problem: “an operator will often receive an alert [about a cybersecurity threat]
`
`that lacks context” and “does not … indicate what, if at all, should be done” to respond. ’549 patent
`
`
`
`

`

`Case 1:23-cv-00758-JLH Document 112 Filed 07/25/24 Page 7 of 27 PageID #: 2198
`
`
`
`at 1:51-56. The purported solution is to use existing computer technology—including natural
`
`language processing techniques such as a “large language model,” or “LLM”—to generate
`
`additional context and thereby make it easier to respond. Indeed, Wiz itself alleges that humans
`
`can be involved in every single step of the claims—a key indication of abstraction. That the claims
`
`also recite using existing computer technology does not make them less abstract.
`
`3.
`
`At Alice step two, the claims add no inventive concept beyond the abstract
`
`idea. Indeed, the specification expressly acknowledges that the claims can be implemented using
`
`well-known large language models—like OpenAI’s ChatGPT, or Google’s BERT. See, e.g.,
`
`’549 patent at 16:25-26, 10:14-40. The remaining steps, by admission, can be implemented on
`
`generic computer components, such as “general-purpose microprocessors” or “any other hardware
`
`logic components that can perform calculations.” Id. at 17:59-18:3; see also, e.g., id. at 18:43-45.
`
`4.
`
`The Federal Circuit has held similar, or even more technological-seeming,
`
`claims ineligible as a matter of law, including claims for identifying and responding to risky emails
`
`in Intellectual Ventures I LLC v. Symantec Corp., 838 F.3d 1307 (Fed. Cir. 2016) (“Symantec”);
`
`implementing graphical object-oriented programming in Simio, LLC v. FlexSim Software
`
`Products, Inc., 983 F.3d 1353 (Fed. Cir. 2020) (ineligible claims), analyzing and presenting
`
`relevant information in IBM Corp. v. Zillow Group, 50 F.4th 1371 (Fed. Cir. 2022), and
`
`implementing a database structure with contextual information in BSG Tech LLC v. Buyseasons,
`
`Inc., 899 F.3d 1281 (Fed. Cir. 2018). Wiz’s ’549 patent claims are likewise ineligible as a matter
`
`of law and its Counterclaim IV (CC ¶¶ 89-108) should be dismissed with prejudice.
`
`2
`
`

`

`Case 1:23-cv-00758-JLH Document 112 Filed 07/25/24 Page 8 of 27 PageID #: 2199
`
`
`
`III.
`
`STATEMENT OF FACTS
`
`A.
`
`The ’549 Patent
`
`Wiz filed the ’549 patent application on January 31, 2024, five months after Orca
`
`brought this suit against Wiz. The patent issued on June 4, 2024, and Wiz asserted it against Orca
`
`that day.
`
`1.
`
`The ’549 Patent Specification
`
`The ’549 patent specification states that it “relates generally to cybersecurity
`
`incident response and specifically to initiating mitigation actions in response to detected
`
`cybersecurity threats.” ’549 patent at 1:16-18. The patent explains that in typical “cybersecurity
`
`solutions,” an “operator” (i.e., a human) would “receive an alert” (an “incident”) about a
`
`cybersecurity threat (e.g., a message stating that a system has been accessed without authorization)
`
`and then query a database or other “structured data” to determine how to respond. See id. at 1:22-
`
`56. But the patent states this process is “not always human-friendly” because it “requires a human
`
`to learn a special query language which the machine uses to retrieve and store data.” Id. at 1:31-
`
`37. Accordingly, the patent explains that a human can instead use existing techniques to generate
`
`natural language “prompts” for known “large language models” (LLMs), to “provide[] accurate
`
`translation between a query received in natural language and a database query, in order to provide
`
`a user with a relevant result to their query.” Id. at 10:14-28; see id. at 1:39-43.
`
`However, according to the patent, the problem was “a lack of context”: “an operator
`
`will often receive an alert that lacks context” and “does not provide a root cause, or indicate what,
`
`if at all, should be done to remediate, mitigate, and the like.” Id. at 1:51-56. Then, lacking relevant
`
`context, if the operator inputs an ambiguous natural language query (e.g., “what is jay?”), the
`
`computer has no way of discerning between different possible meanings and, accordingly, the
`
`3
`
`

`

`Case 1:23-cv-00758-JLH Document 112 Filed 07/25/24 Page 9 of 27 PageID #: 2200
`
`
`
`resulting computer database query will not necessarily produce useful results. Id. at 1:44-49. The
`
`patent’s purported solution, therefore, is to supply additional context so that, when the operator
`
`inputs a natural language query (which is converted to a database query) to look up next steps, the
`
`resulting information will be more useful. See, e.g., id. at 1:44-58, 2:60-65.
`
`The specification acknowledges that no new computer technology is required.
`
`Instead, the patent states that the steps require only generic “hardware, firmware, software, or any
`
`combination thereof,” id. at 18:43-45—for example, “general-purpose microprocessors” or “any
`
`other hardware logic components that can perform calculations,” id. at 17:59-18:3. At the outset,
`
`the purported invention does not describe any new way of identifying security threats; rather, it
`
`receives already-identified security information (“incidents”) and facilitates the user obtaining
`
`additional context to employ in querying a database for potential responses. And the patent
`
`acknowledges that this requires only well-known large language models such as OpenAI’s
`
`ChatGPT, or Google’s BERT, see, e.g., ’549 patent at 16:25-26 (“A large language model is, for
`
`example, GPT, BERT, and the like.”), 10:14-40 (same), and existing tools to convert natural
`
`language queries to database queries, see id. at 12:13-17 (“natural language processing (NLP)
`
`techniques” include known “distance-based Word2Vec”), 1:38-43. Moreover, the patent states
`
`that humans are integral in the purported solution. For example, the user can retrieve additional
`
`context by providing input to match the incident to unspecified “predefined scenarios.” Id.
`
`At 15:27-40, 16:2, Fig. 6.
`
`In sum, the patent acknowledges that its advance is supplying additional context or
`
`“structure” for natural language database queries (see id. at 10:10-13, 1:26-37)—not a new tool or
`
`feature for identifying a security threat, querying a database, or implementing a response. To
`
`facilitate a user’s natural language queries, the patent describes using conventional techniques,
`
`4
`
`

`

`Case 1:23-cv-00758-JLH Document 112 Filed 07/25/24 Page 10 of 27 PageID #: 2201
`
`
`
`including large language models, to generate the structured database queries (id. at 10:20-28,
`
`12:46-52), and using conventional database technology, such as SQL, to store and retrieve the
`
`data. Id. at 1:30-37. The result of an executed database query can be “provided to … a user,” who
`
`can initiate mitigation actions. Id. at 11:30-39, 17:14-21. The patent does not purport to invent or
`
`improve such technologies; it merely uses them.
`
`2.
`
`The ’549 Patent Claims
`
`The ’549 patent’s claims likewise recite no specific technological advances, instead
`
`applying conventional LLM technology to common human activity. Each of the three independent
`
`claims (claims 1, 11, and 12) recites basic steps for “providing [a] cybersecurity incident response”
`
`by (1) receiving cybersecurity threat information (“an incident”), (2) contextualizing the
`
`information using an LLM, (3) querying a cybersecurity database using that context, and
`
`(4) initiating a mitigation action. That is, the claims recite receiving, determining, querying, and
`
`responding to cybersecurity information. Claim 1—the only independent claim Wiz asserts—is
`
`representative:
`
`1. A method for providing cybersecurity incident response, comprising:
`
`receiving an incident input based on a cybersecurity event;
`
`generating a prompt for a large language model (LLM) based on the received
`incident input;
`
`configuring the LLM to generate an output based on the generated prompt;
`
`mapping the received incident input into a scenario of a plurality of scenarios based
`on the output of the LLM, wherein each scenario is associated with an incident
`response;
`
`generating a query based on the received incident input and the mapped scenario;
`
`executing the query on a security database, the security database including a
`representation of a computing environment;
`
`initiating a mitigation action based on a result of the executed query.
`
`
`
`5
`
`

`

`Case 1:23-cv-00758-JLH Document 112 Filed 07/25/24 Page 11 of 27 PageID #: 2202
`
`
`
`The other two independent claims are materially the same, except they recite a
`
`“computer-readable medium” (claim 11) and “system” (claim 12) for performing the same
`
`computer functions, with additional generic hardware limitations. The dependent claims recite
`
`incidental limitations, including types of incident inputs (claim 2), LLM usage (claims 3, 4, 5,
`
`and 7), user interface activity (claims 6, 8, and 10), and database storage (claim 9). Infra at 13-14,
`
`17-18. Dependent claims 13-21 recite the same limitations as claims 2-10.
`
`IV.
`
`LEGAL STANDARDS
`
`A. Motions To Dismiss Under Rule 12(b)(6)
`
`Patent eligibility under § 101 is a threshold issue that “may be, and frequently has
`
`been, resolved on a Rule 12(b)(6)” motion, before formal claim construction or fact development,
`
`where there are no relevant factual disputes. SAP Am., Inc. v. InvestPic, LLC, 898 F.3d 1161, 1166
`
`(Fed. Cir. 2018); see, e.g., AI Visualize, Inc. v. Nuance Commc’ns, Inc., 97 F.4th 1371, 1377 (Fed.
`
`Cir. 2024) (affirming Rule 12(b)(6) dismissal); Beteiro, LLC v. DraftKings Inc., 104 F.4th 1350,
`
`1358 (Fed. Cir. 2024) (same); Sanderling Mgmt. Ltd. v. Snap Inc., 65 F.4th 698, 705 (Fed. Cir.
`
`2023) (same). The Court accepts well-pleaded factual allegations but “disregard[s] rote recitals of
`
`the elements of a cause of action, legal conclusions, and mere conclusory statements.” James v.
`
`City of Wilkes-Barre, 700 F.3d 675, 679 (3d Cir. 2012) (citations omitted). And “‘generalized
`
`assertions that factual considerations about the state of the art preclude a decision at the pleadings
`
`stage’ do not prevent a district court from granting a motion to dismiss.” Beteiro, 104 F.4th at 1358
`
`(citation omitted).
`
`B.
`
`Patent Eligibility Under 35 U.S.C. § 101
`
`Section 101 delineates the categories of patent eligible subject matter, and “contains
`
`an important implicit exception” for abstract ideas—such as mental processes, human activities,
`
`6
`
`

`

`Case 1:23-cv-00758-JLH Document 112 Filed 07/25/24 Page 12 of 27 PageID #: 2203
`
`
`
`or basic computerized steps—which are ineligible. Alice, 573 U.S. at 216 (citation omitted). The
`
`two-step Alice framework governs whether computer-based claims are ineligible. Id. at 217-27.
`
`At step one, the Court determines whether the asserted claims are, at root, directed
`
`to an abstract idea notwithstanding the recitation of any computer features. Id. at 218. If so, at
`
`step two, the Court determines whether the other claim elements, individually or collectively, add
`
`“significantly more”—i.e., an “inventive concept”—apart from the abstract idea. Id. at 217-22.
`
`The claims cannot “simply … implement the abstract idea … on a generic computer.” Id. at 225.
`
`If claims add nothing inventive at step two, they are ineligible under § 101 as a matter of law. Id.
`
`At both steps, the eligible subject matter cannot stem from the abstract idea itself.
`
`See Simio, 983 F.3d at 1365. Automating an idea in a “particular technological environment” with
`
`conventional computer technology does not make claims “less abstract” and contributes nothing
`
`inventive. Symantec, 838 F.3d at 1314 (citation omitted). Nor may claims simply recite “generic
`
`functional language to achieve [the] purported solutions” without claiming “how the desired result
`
`is achieved.” Two-Way Media Ltd. v. Comcast Cable Commc’ns, LLC, 874 F.3d 1329, 1339 (Fed.
`
`Cir. 2017) (citation omitted). Indeed, “[c]laims of this nature are almost always found to be
`
`ineligible” under § 101. Beteiro, 104 F.4th at 1356.
`
`V.
`
`ARGUMENT
`
`Wiz’s ’549 patent claims are ineligible under § 101 and Alice because they are
`
`directed to an abstract idea and add nothing inventive.
`
`A.
`
`Alice Step One: The Claims Are Directed to An Abstract Idea
`
`The claims of the ’549 patent are directed to the abstract idea of retrieving,
`
`contextualizing, querying, and responding to cybersecurity threat information—activities that
`
`humans can perform.
`
`7
`
`

`

`Case 1:23-cv-00758-JLH Document 112 Filed 07/25/24 Page 13 of 27 PageID #: 2204
`
`
`
`1.
`
`The Independent Claims are Directed to An Abstract Idea
`
`The independent claims recite that abstract idea as a series of basic steps. Claim 1
`
`of the ’549 patent (which is representative) recites “a method for providing cybersecurity incident
`
`response” by: (1) “receiving” information about a cybersecurity threat (“an incident”);
`
`(2) determining relevant context by using existing LLMs (i.e., generating a prompt for an LLM
`
`based on the incident and using the LLM’s output to “map[]” the incident to a “scenario”);
`
`(3) querying a cybersecurity database using that incident/scenario context (i.e., generating and
`
`executing a query on a security database that includes “a representation of a computing
`
`environment”); and (4) “initiating a mitigation action based on a result of the executed query.”
`
`’549 patent cl. 1. Independent claims 11 and 12 are the same but are couched as a computer
`
`“medium” and “system” for performing the same steps, which does not change the analysis. See
`
`Alice, 573 U.S. at 226 (ineligible system and software claims “no different from the method claims
`
`in substance”). Therefore, all independent claims focus on retrieving, contextualizing, querying,
`
`and responding to cybersecurity threat information. The specification confirms those steps are the
`
`purported advance. See, e.g., ’549 patent at 1:16-18, 1:22-43, 1:51-58; see also ChargePoint, Inc.
`
`v. SemaConnect, Inc., 920 F.3d 759, 774 (Fed. Cir. 2019) (specification is useful in identifying
`
`purported advance); CC ¶¶ 10, 90-92. The claims are directed to an abstract idea for three reasons.
`
`First, the claims are directed to a human problem and provide a solution that
`
`automates human activities—a “telltale sign of abstraction.” Trinity Info Media, LLC v. Covalent,
`
`Inc., 72 F.4th 1355, 1361 (Fed. Cir. 2023) (citation omitted); see also, e.g., PersonalWeb Techs.
`
`LLC v. Google LLC, 8 F.4th 1310, 1318 (Fed. Cir. 2021) (“mere automation of manual processes
`
`using generic computers … fails step one”) (citation omitted); Univ. of Fla. Rsch. Found., Inc. v.
`
`Gen. Elec. Co., 916 F.3d 1363, 1367 (Fed. Cir. 2019) (similar). As the specification describes,
`
`generating database queries was not “human-friendly” and that, although existing natural language
`
`8
`
`

`

`Case 1:23-cv-00758-JLH Document 112 Filed 07/25/24 Page 14 of 27 PageID #: 2205
`
`
`
`processing techniques allowed users to translate natural language into machine language queries,
`
`they often lacked relevant context and thus failed to produce relevant responses. Supra at 3. In
`
`turn, the patent’s purported solution is using generic computers and well-known LLMs to generate
`
`relevant context for natural language queries of a cybersecurity database, so that the human
`
`operator receives more relevant information to better respond to an incident. Supra at 3-4.
`
`Therefore, because the claims are rooted in human problems and activities, they are abstract.
`
`The patentee’s own statements support that conclusion. The ’549 patent admits
`
`that human activity and input is integral to the claim steps: users (humans) can: (1) receive
`
`cybersecurity threat information, see ’549 patent at 1:51-52, 7:30-37; (2) provide input for a natural
`
`language query, id. at 11:45-47, 12:53-55, “scenario” selections, id. at 2:44-45, 2:48-49, 3:52-56,
`
`3:59-61, 4:56-63, 6:11-19, 15:22-40, and “generating a prompt” for the LLM, id. at 2:49-50; see
`
`also id. at 2:52-54, 3:62-66, 4:64-66, 5:5-7, 6:19-23, 6:35-37; (3) query the database, id. at 10:14-
`
`19; and (4) initiate a response, see id. at 17:15-21, 1:51-56. Likewise, Wiz’s counterclaim
`
`confirms that human activity is integral to the claim steps: Wiz’s allegations depend at every turn
`
`on human activities and input. See CC ¶¶ 96-104 (Counterclaim Count IV: alleging infringement
`
`based on user receiving human-readable alerts; user actions in generating prompts, configuring an
`
`LLM by clicking a “toggle” button, mapping scenarios, generating and executing a database query
`
`by “click[ing]”; and “allowing users to take remedial steps based on the query results”). By the
`
`patentee’s own admissions, therefore, human activity is integral to the claim limitations. And
`
`automating such steps that involve, or are akin to, human activity does not make the claims “any
`
`less abstract.” Symantec, 838 F.3d at 1319.
`
`The Federal Circuit has found abstract and ineligible similar claims involving
`
`human-performable concepts for processing and responding to data. For example, in Symantec,
`
`9
`
`

`

`Case 1:23-cv-00758-JLH Document 112 Filed 07/25/24 Page 15 of 27 PageID #: 2206
`
`
`
`the claims provided a computer network system for identifying undesirable or risky electronic
`
`messages (e.g., spam or viruses) based on their data attributes and taking actions accordingly.
`
`838 F.3d at 1316-17. The claims recited various computer components for performing those steps,
`
`including a “receipt mechanism,” a database of rules, a “rule engine,” and a “distribution
`
`mechanism.” Id. at 1317. The court held the claims were akin to a “method of organizing human
`
`activity” in a corporate mailroom and thus abstract at step one. Id. at 1318; see also id. at 1313-
`
`16, 1319-20 (holding other computer and security claims abstract). In PersonalWeb, the computer
`
`claims recited content-based data processing systems that analyzed data attributes using hash
`
`functions and took actions based on those attributes, such as allowing or denying access to the
`
`data. 8 F.4th at 1316. The court held that the claim steps were akin to mental concepts performable
`
`“using a pencil and paper” and thus abstract. Id. at 1316 (citation omitted); see also Trinity,
`
`72 F.4th at 1362 (computer claims directed to the abstract idea of “matching based on questioning”
`
`because “[a] human mind” could perform similar activities); FairWarning IP, LLC v. Iatric Sys.,
`
`Inc., 839 F.3d 1089, 1097 (Fed. Cir. 2016) (claims for identifying suspicious activity in sensitive
`
`medical file); Ericsson Inc. v. TCL Comm’n Tech. Holdings Ltd., 955 F.3d 1317, 1326 (Fed. Cir.
`
`2020) (claims for controlling software access). Here, the claims similarly recite steps that are akin
`
`to human activities—retrieving, contextualizing, querying, and responding to threat information—
`
`and are, therefore, abstract.
`
`In addition, the Federal Circuit has held that making the user more efficient—for
`
`example, alleviating the need for technical programming knowledge (in Simio) or providing more
`
`relevant data (in IBM and other cases)—indicates an abstract idea rather than a patent-eligible
`
`technological advance. See Simio, 983 F.3d at 1356 (ineligible claims for “making object-oriented
`
`simulation easier” without software programming knowledge); IBM, 50 F.4th at 1378 (ineligible
`
`10
`
`

`

`Case 1:23-cv-00758-JLH Document 112 Filed 07/25/24 Page 16 of 27 PageID #: 2207
`
`
`
`claims for providing “‘humanly comprehensible’ amount of information useful for users”) (citation
`
`omitted); Chewy, Inc. v. IBM Corp., 94 F.4th 1354, 1366-67 (Fed.